George is the name most frequently used in weak passwords by consumers. Fellow royal Charlotte is the fourth most popular, according to a study carried out by dark web product company ID Agent, a Kaseya company. Michael was the second most commonly used name in weak passwords, followed by Hunter.
The password analysis, which reviewed over two billion passwords, found – like other studies, such as by the UK official National Cyber Security Centre – that the poor password most often used by individuals is ‘123456’. Next come ‘password’ and ‘email’; ‘password1’ secured fourth place, while ‘12345’ came in fifth.
The band name most used in bad passwords is the ‘Beatles’ and, coincidentally, ‘Liverpool’ came out on top among the most commonly used poor passwords in the places category.
Kevin Lancaster, ID Agent Founder, said: “The fastest way for bad actors to penetrate a company’s defences is by obtaining that company’s passwords. Estimates suggest that over 80 per cent of data breaches are directly caused by weak, cracked or stolen passwords. Between work and personal systems, one user might need to manage as many as 135 different login credentials, and that’s a lot to track – which is why people often use simple words and tend to reuse and recycle their passwords.
“But with so many individuals currently working from home, the threat of cyber-attacks has never been greater, and the need for good password management is more important than ever.”
David Higgins, Technical Director at CyberArk, said: “This World Password Day takes place in the shadow of a ‘new normal’ existence for much of the world’s population, characterised by soaring levels of home work. This has resulted in a blurring of previously distinct lines between work and home devices – with more remote workers using personal devices to access work systems – opening up a vast new potential attack surface. Combine that with common employee practices like saving passwords in browsers or reusing passwords and this new landscape becomes a playground for attackers. Effective authentication of all devices now becomes even more crucial in order to protect not only PII but the critical data and assets of the organisations we work for.”
Terry Ray, SVP at Imperva, said: “This World Password Day is like no other. In years gone by, we didn’t face the challenge of a large number of employees working from home and even more susceptible to cyber threats.
“We have all heard the radio adverts and the ongoing plea to protect yourselves when it comes to banking, shopping online and downloading files, but we are forgetting one of the simplest tasks – changing your password and making sure it is secure!
“A worrying number of people still fail to change their weak passwords or use the same password across different sites. Yes, it is laborious on an individual level, but it is vital, especially as businesses are more inclined to use one portal to host a number of applications and data.”
Mark de Simone, VP and MD, UK and Nordics, MEA, Italy, India and Asia at cyber product firm Wallix, said: “The consequences of a password breach can be catastrophic, providing cyber criminals with an open door to highly-sensitive company data. As a result, we have seen many organisations trying to enhance password security, by creating minimum complexity requirements and implementing frequent rotation.
“However, the challenge is that strong password security is often now seen as a trade-off, between what is easy to remember and what is secure. We are on the cusp of developing and implementing new authentication options, such as biometrics and other powerful access management systems which will create a password-free IT landscape, but to some extent this can also be breached. As a result, organisations should also look at how to limit the impact of a potential breach by preventing users from seeing everything on their network. With privileged access, users will have a limited view into highly sensitive data, and this can be restricted not only by role, but also by factors such as time and location. One fact that remains untouched is that users still need a password or authorisation in some form – so we should look beyond password strengthening and complement this with a failsafe.”