According to the latest report on weak passwords, the most common term to breach cyber security is…
Password.
The Weak Password Report, released yesterday, analysed over 800 million breached passwords. The ten most used passwords, which gave threat actors easy access to systems, were:
- password
- admin
- welcome
- p@ssw0rd
- qaz2wsx
- homelesspa
- p@ssword
- qwertyuiop
- q2w3e4r5t
- q2w3e4r
Interestingly, 88% of the passwords used in successful attacks consisted of just 12 characters or fewer, with passwords of just 8 characters being the most common (24%). Additionally, passwords made of only lower-case characters were also commonplace, making up nearly 19% of successful IT hacks.
Furthermore, and quite ironically, the weak password study highlighted the fact that over 80% of the compromised passwords met the compliance requirements of a number of cybersecurity standards, including Cyber Essentials.
How Are Passwords Discovered?
Attackers use a number of techniques to gather passwords, from the very basic to more sophisticated technical approaches. Some of these include:
- Finding insecurely stored passwords, e.g. on a sticky note on a monitor.
- “Shoulder surfing”, where a user is seen typing in their password.
- Social engineering, such as phishing, to trick users into revealing passwords.
- Using personal information such as date of birth, pets’ names or city of birth.
- Using data leaked from security breaches.
- Brute-force attacks, using cracking tools and huge “rainbow tables” of password data.
- Keylogging or intercepting passwords or their hashes over networks.
Once hackers have the data they need, they can attempt to break into systems.
Improve IT Security with Better Password Policies
The report reached several conclusions including the fact that the length and complexity of passwords alone were not the answer to security.
Whilst longer and more complex passwords reduce the risk of IT security breaches, on their own they are not always enough. Organisations should improve their password policies to reduce the chances of a security breach.
Solutions can include systems administrators refusing to accept the most used passwords, as listed above. Additionally, they can push 2-Factor Authentication (2FA) or even Multi-Factor Authentication (MFA). Other solutions include Single Sign-On (SSO), where staff can use one set of secure credentials to access multiple systems, reducing the need to create and remember good passwords.
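As an added illustration (not code from the report or from ITSD), the sketch below shows how a deny-list built from the ten passwords above can sit alongside a composition rule, and why the composition rule alone lets variants of those passwords through. The 8-character, 3-of-4 character class rule, the substitution map and all function names are assumptions made for this example.

```python
import re

# The ten most used breached passwords listed in the article above.
TOP_TEN = ["password", "admin", "welcome", "p@ssw0rd", "qaz2wsx",
           "homelesspa", "p@ssword", "qwertyuiop", "q2w3e4r5t", "q2w3e4r"]

# Assumed character substitutions (illustrative, not taken from the report).
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i",
                      "3": "e", "$": "s", "5": "s"})


def normalise(pw):
    """Lower-case and undo common substitutions so variants collapse together."""
    return pw.lower().translate(LEET)


# Normalised form -> first article entry that produces it.
DENY = {}
for entry in TOP_TEN:
    DENY.setdefault(normalise(entry), entry)


def meets_complexity(pw, min_len=8):
    """Assumed composition rule: minimum length plus 3 of 4 character classes."""
    classes = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return len(pw) >= min_len and sum(bool(re.search(c, pw)) for c in classes) >= 3


def denied_term(pw):
    """Return the deny-listed entry hidden inside pw, or None if it is clean."""
    candidate = normalise(pw)
    for term in sorted(DENY, key=len, reverse=True):  # longest match first
        if term in candidate:
            return DENY[term]
    return None


def accept(pw):
    """Policy decision: composition rule AND no deny-listed term."""
    return meets_complexity(pw) and denied_term(pw) is None


if __name__ == "__main__":
    # Constructed sample passwords, not values from the report.
    for pw in ["P@ssw0rd2024!", "Welcome123!", "Q2w3e4r5t!", "correct-Horse-7-battery"]:
        print(f"{pw!r}: complexity={meets_complexity(pw)} "
              f"denied={denied_term(pw)!r} accept={accept(pw)}")
```

The substring match is deliberately strict, so a longer password that merely contains one of the listed terms is refused as well.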
Businesses should implement IT security solutions to protect their organisations and that’s where ITSD come in. Speak to us today to implement Cyber Essentials or Cyber Essentials Plus or ask us about our other cyber security solutions.
ITSD is an IT Support company in Surrey and London, providing IT Security and cyber security services to organisations across the UK, Ireland and Europe. Call us on 01932 260 606 or complete our contact form.