Paws for thought over predictable passwords, says NCSC

by Mark Rowe

Best practice for passwords is three random words, not your pet’s name, says the UK’s official National Cyber Security Centre (NCSC), a part of GCHQ. Ahead of National Pet Day on Sunday, April 11, it has released a survey of UK passwords. Often they are made up of things people can easily predict – such as a pet’s name (15pc of those surveyed), family members’ names (14pc), a significant date (13pc) or a favourite sports team (6pc).

Some 6pc of the UK admitted using ‘password’ as all or part of their password – meaning millions of accounts could be easily breached by criminals using trial-and-error techniques of common codes, the NCSC points out. The cross-government Cyber Aware campaign recommends using passwords made up of three random words and saving these in an internet browser.

NCSC Director for Policy and Communications, Nicola Hudson, said: “We may be a nation of animal lovers, but using your pet’s name as a password could make you an easy target for callous cyber criminals. I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords which recommends using passwords made up of three random words. You can even use our Cyber Action Plan tool to generate tailored, free of charge advice to improve your security against online attacks.”

More than one in four (27pc) of those surveyed said they now have at least four more password-protected accounts than this time last year, with 6pc reporting that they have added ten or more new accounts in the last 12 months, as they do more things online than before the covid pandemic. As the NCSC says, predictable passwords can be easily cracked by hackers, who could force their way into your accounts by simply guessing common pet names.

The Cyber Aware campaign offers these best password practices:

– Use a strong and separate password for your email. If a hacker gets into your email, they could reset your other account passwords and access information you have saved about yourself or your business. Your email password should be strong and different to all your other passwords.
– Create strong passwords using three random words – when you use different passwords for your important accounts, it can be hard to remember them all.
– Do not use words that can be guessed (like your pet’s name). You can include numbers and symbols if you need to. For example, “RedPantsTree4!”
– Saving your passwords in your web browser will help you manage them and can protect you against some cyber crime, such as fake websites.
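The guidance above can be enforced when a password is set. The following is an added example, not code from the NCSC or the Cyber Aware campaign: it generates a three-random-word password with a cryptographic random source and flags passwords built from "password" or from personal details such as a pet's name. The word list, function names and personal details are constructed for illustration.

```python
import math
import secrets

# Constructed sample list for illustration; a real deployment needs a list of
# several thousand common words so three picks give a large search space.
SAMPLE_WORDS = ["red", "pants", "tree", "coffee", "train", "fish", "cloud",
                "piano", "river", "candle", "mango", "tiger", "window",
                "anchor", "button", "garden"]

# Undo common character substitutions so "P@ssw0rd" is treated as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s", "!": "i"})


def three_random_words(words=SAMPLE_WORDS, count=3):
    """Pick words with a CSPRNG, capitalised and joined as in 'RedPantsTree'."""
    return "".join(secrets.choice(words).capitalize() for _ in range(count))


def passphrase_bits(wordlist_size, count=3):
    """Entropy in bits when each word is drawn uniformly at random."""
    return count * math.log2(wordlist_size)


def predictable_reasons(password, personal_tokens):
    """Return why a password is guessable from what is known about its owner.

    personal_tokens (hypothetical parameter): details the user supplies or the
    service holds, e.g. pet name, family names, favourite team, a key date.
    """
    raw = password.lower()
    normalised = raw.translate(LEET)
    reasons = []
    if "password" in normalised:
        reasons.append("contains 'password'")
    for token in personal_tokens:
        t = token.lower().replace(" ", "")
        # Ignore very short tokens to avoid flagging coincidental matches.
        if len(t) >= 3 and (t in raw or t in normalised):
            reasons.append(f"contains personal detail '{token}'")
    return reasons
```

With a 2,048-word list, three uniformly random words give 33 bits before any numbers or symbols are added, whereas a pet's name is a single guess for anyone who knows the owner.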

People should report suspicious emails and texts by forwarding to [email protected] and 7726 respectively. Anybody who thinks that they’ve fallen victim to a cyber crime should report this to the police reporting centre Action Fraud (for England, Wales and Northern Ireland) or Police Scotland (for Scotland, which has pulled out of Action Fraud over its shortcomings).

Comments

Using easily guessable passwords, such as a pet’s name or a favourite football team, is a sure way to see your details up for sale on the dark web, said Ian Pitt, CIO at LogMeIn.

He said: “Personal information is often readily available on social media, where cybercriminals can find the details most commonly used in passwords and employ trial and error techniques to gain access to a user’s account. Common slip-ups in online security posture can then go on to have potentially devastating consequences for those involved.”

Adenike Cosgrove, Cybersecurity Strategist, International, at Proofpoint, said: “This issue will likely persist into the future due to human beings’ desire for convenience and the difficulty of remembering ever more complex passwords for the multitude of online services they use. Although complex passwords are recommended, the issue of people using the same password for multiple services is the bigger problem. A password’s complexity is irrelevant if people use the same password for everything. The repercussions can be serious, as one compromised password can open an individual up to identity theft or even put their entire organisation at risk.”

David Emm, principal security researcher at cyber firm Kaspersky, said: “Our passwords are the gateway to a plethora of valuable personal data that should never be openly shared. This is why we urge everyone to be extremely careful of the login credentials they set; using weak or obvious passwords such as pet or family names is as good as shouting your secure information to a passerby.”

And Brett Beranek, VP and General Manager, Security and Biometrics at the voice authentication product company Nuance Communications, said: “The discovery that many consumers are still relying on knowledge-based credentials – such as pet names, family names or notable dates – to protect and authenticate their accounts acts as a timely reminder that having an effective fraud prevention strategy in place – alongside the tools to support it – is no longer optional. From social engineering to email phishing and the creation of bogus websites, fraudsters are taking advantage of any lowered defences during our current pandemic and basic, easily guessed passwords and PINs are no longer fit for purpose.”

“Biometric technologies could provide an answer for organisations looking to keep malicious actors at bay and ensure the security of both their customers and employees. For example, voice biometrics are able to leverage more than 1000 unique speech characteristics – from pronunciation to size and shape of your nasal passage. Meanwhile behavioural biometrics measure minute details – such as how a person holds their phone or even how they pause once they finish a task. Security systems that incorporate these authentication tools are considerably less susceptible to fraudsters. When it comes to fraud, prevention is always better than a cure.”

© 2024 Professional Security Magazine. All rights reserved.