Iloveyou monkey dragon. No, that’s not the name of a Game of Thrones episode – those are three of the most commonly used passwords around the world. So, if you’re reading this and thinking “that’s funny, that’s my password too”, stop what you’re doing and change it immediately!
The National Cyber Security Centre (NCSC), in collaboration with Have I Been Pwned creator, Troy Hunt, published the file containing the top 100,000 passwords yesterday. Top of the list again for the umpteenth time was 123456, closely followed by its cousin 123456789.
Other popular passwords can be categorised into names, sports teams, fictional characters and musicians.
How quickly could your password be hacked?
While you can have the most advanced antivirus software, firewalls and encryption programs on the market, your data is only as safe as the password that protects it. We regularly hear about passwords & email addresses being stolen by cyber criminals, like the LinkedIn breach of 2012. These lists are sold online and available for anyone to exploit.
Using a list of popular passwords and free, open-source tools like John the Ripper, a hacker can gain access to your email, social media or computer within seconds. The likes of password1 can be hacked in 0.20 milliseconds. Have a go yourself and test the strength of your own here.
What’s the latest password etiquette?
Most of us have been told that a longer password is best, with a combination of numbers, cases and special characters. However, as password cracking software becomes more advanced and cyber criminals become craftier, we need to stay one step ahead.
- 12 characters is great but a mix of 4 random words, a passphrase or song lyric is even more secure. Myheartwillgoon is much better than Celine96.
- Don’t recycle! We implore you to use a different password for every account. We know what you’re going to say: “How am I supposed to remember 50 different passwords?” or “That’s ridiculous, who’s going to hack me?” or “My password is really strong, it’ll never be guessed.” Trust us – you may have no control over your password being stolen, and then you have to go and change everything. Nightmare.
- It should go without saying but DON’T save your passwords to your web browser. Use a password manager like LastPass. Then all you have to remember is one!
- Don’t be an eejit. Don’t write it down. Don’t share it.
- Log out. Log out. Log out. Cyber threats aren’t always the result of outside influences. Malicious insiders will likely use someone else’s computer when downloading confidential information or accessing servers. Just heading to the loo? Log out. Running out to grab a coffee? That’s nice. Log out.
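For teams that run their own sign-up or password-change forms, here is an added example (not from the original post or from NCSC) of screening a new password against a common-password list and the 12-character guideline above. The embedded list is a constructed sample standing in for the published file, and the function names and the trailing-digit stripping rule are assumptions made for illustration.

```python
import re

# Constructed sample standing in for the published top-100,000 file
# (assumed format: one password per line). Entries are ones named on this page.
SAMPLE_LIST = """123456
123456789
iloveyou
monkey
dragon
password1
"""

MIN_LENGTH = 12  # the "12 characters is great" guideline from the list above


def load_denylist(text):
    """Return a set of case-folded entries from a one-per-line list."""
    return {line.strip().casefold() for line in text.splitlines() if line.strip()}


def variants(candidate):
    """Yield the case-folded candidate, then the same text with trailing
    digits and symbols removed, so 'Monkey2024!' still matches 'monkey'."""
    folded = candidate.casefold()
    yield folded
    stripped = re.sub(r"[\d\W_]+$", "", folded)
    if stripped and stripped != folded:
        yield stripped


def check_password(candidate, denylist, min_length=MIN_LENGTH):
    """Return (accepted, reason). The deny-list check runs first so a
    listed password is reported as such rather than as merely short."""
    for form in variants(candidate):
        if form in denylist:
            return False, "matches a commonly used password"
    if len(candidate) < min_length:
        return False, f"shorter than {min_length} characters"
    return True, "ok"


if __name__ == "__main__":
    denylist = load_denylist(SAMPLE_LIST)
    for pw in ["Dragon", "Monkey2024!", "Celine96", "Myheartwillgoon"]:
        print(pw, check_password(pw, denylist))
```

In a real deployment, load the full published list from disk instead of the sample string and run the check server-side before the password is hashed and stored.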
We could go on forever about the best practices but the lads over in NCSC have put together a great blog on how to make sensible password choices and educate your team.
Of course, if someone in your company does end up using a weak password and you fall victim to a data loss, the Datastring ninjas can ensure your data is backed up to the cloud and offer some robust Disaster Recovery options.
Give our team a call to find a solution that works for you +353 1 699 4540 or firstname.lastname@example.org.