We shared an article about this in 2018, and it is still surprising to see even today that the same easy to guess passwords are used.
Now 2020 is upon us, we take a look again at these reports. A recently released document by Nord revealed what they have seen as users passwords, sharing the most used insecure 250 passwords.
Attackers use a list of at least tens of thousands of passwords in attempts to gain access to your systems, and this is even before lists of passwords are easily purchasable through the dark web where users may actually have complex passwords in use.
Using easy to guess passwords makes security of applications and services non existent, unless you are making use of MFA which will improve the security situation, and if your staff do not use good password practice and hygiene, then it leaves the security of your organisations data and business at risk.
We recommend the use of a Password Manager, and there are some great multiuser business tools out there, check out our recent blog post here or click the + symbol at the top right and check out 1Password
Ensure your passwords are secure
Top 10
The Top Ten doesn’t really contain any surprises for us, apart from the non surprising “password”. What is interesting is the list of women’s names being used and the strings of characters that are on the keyboard that are used to
- 12345
- 123456
- 123456789
- test1
- password
- 12345678
- zinch
- g_czechout
- asdf
- qwerty
More importantly – what is zinch and g_czechout to make it into the top 10 ?
Ensure your passwords are secure
Top Tips for Password Security
- Be as complex as the system allows. Most systems these days should allow for a phrase to be used, try to get a minimum of 16 characters
- Keep passwords unique to each platform. That way if one platform gets compromised and account details are shared on the dark web for a few £££ then your other applications and services wont be affected
- To help with the two areas above, use a Password Manager. We advocate the use of 1Password
- Use Multifactor authentication wherever its possible, most major platforms support it, Facebook, LinkedIn, banking systems etc
- If you have Active Directory in your business, enforce a password policy
