Unsecured passwords can lead to data breaches and ransomware attacks, potentially leaving companies having to pay a fortune. New research provides a shocking insight into just how lax Americans’ passwords are, with one in every 142 passwords being the sequence “123456”.
This research comes just a week after President Trump’s Twitter account was easily hacked due to poor password habits. Victor Gevers, security researcher and chair of the Dutch Institute for Vulnerability Disclosure, recently revealed that he could access the Twitter account of the president, thanks to his easy-to-guess password, “maga2020!”.
Cyber security is a huge concern for most modern businesses, and it’s only getting more troubling with remote workforces. So, let’s uncover the common mistakes Americans make with their passwords, and what solutions are available.
What Password Mistakes Are People Making?
When it comes to passwords, there’s usually a common set of mistakes that pop up. The first is predictability. With all our personal data being held online, you’d think we could come up with more inventive passwords to keep us safe. The reality, however, is that people are still very lazy when creating passwords.
A recent study showed that the most common password remains ‘123456’. In fact, on average, one in every 142 passwords is ‘123456’.
The other major issue that tends to occur is reusing passwords on multiple sites. As soon as hackers breach a database of credentials, all online accounts using the same password are compromised. And if your password is as predictable as ‘123456’, you’re at considerable risk.
How Predictable Are Your Passwords?
Security.org asked 750 Americans to share their password strategies and security habits to see whether there were any recurring patterns in password issues.
Here are the key findings:
- 45% of Americans use passwords that are eight characters or less
- 25% of Americans share their personal passwords with other people
- 15% of Americans use strong password generators
- 21% of Americans have used Trump or Biden as part of their password in 2020. More Americans use Trump (12%) than Biden (9%)
- 14% use “COVID” in their password
- 20% admit to dropping an f-bomb or other curse word as part of their passwords
The Consequences of Bad Passwords
The implications of bad password management get worse still when you consider how common it is for users to re-use the same passwords over and over across multiple accounts. Just one of those accounts being breached could put multiple logins at risk.
To give you an insight into the nightmarish world of poor security management, NordVPN evaluated the highest-profile data breaches so far in 2020. Among these, the following data breaches lifted vast numbers of passwords:
Zoom credentials hack – In the first week of April 2020, more than 500,000 stolen Zoom passwords were reported to be available for sale on the dark web. Some of the credentials were given away for free, while others were sold for as little as a penny each. The credentials each contained the username, password, registered email address, host key, and personal meeting URL.
Marriott social engineering attack – In March 2020, the Marriott Hotel Group suffered a huge data breach, which compromised the records of 5.2 million hotel guests. Hackers were able to extract the data of those 5.2 million guests by compromising the login credentials of just two members of Marriott’s staff.
easyJet credential theft – The UK-based low-cost airline easyJet announced that cybercriminals had stolen data records of 9 million customers. With Europe’s strict GDPR rules, companies that breach data protection regulations could be in for some eye-watering penalties. The law firm PGMBM filed a class action lawsuit on behalf of the affected easyJet customers for $23 billion (£18bn).
How Can You Secure Your Passwords?
Ignorance truly is bliss. Although 91% of consumers agree that using the same password poses a security risk, roughly 66% of Americans use the same password anyway.
So, really, our main solution is to listen to experts and change up our password habits. Below, we’ve listed a few basic rules to follow when it comes to cyber security:
- Have long, strong passwords, with a mixture of numbers, letters, and special characters
- Don’t reuse passwords across multiple sites
- Store passwords securely – let a password manager do the hard work for you
- Use two-factor authentication
- If a site you use has a data breach, change your password immediately, and check you’re not re-using that password and email combination on other sites
This means you’re going to end up with a lot of passwords if you don’t reuse them, right? Well, that’s where password managers come in handy. A password manager can mitigate a lot of the stress and danger around exposed staff login details.
Luckily for you, we’ve tested the most popular password managers, and found 1Password to be the best, thanks to its extensive feature set, some tempting price plans, and easy-to-use interface. Dashlane comes in a close second, with global favourite LastPass not far behind.
Some tech companies are also trying to do their bit to help us with our password problems. In a recent blog post, Microsoft announced it has improved its compromise-detection capabilities to better defend against password spray attacks.
According to the tech firm, its software uses machine learning to double the existing detection rate, while maintaining a 98% level of precision.
“Our data scientists started researching the use of these patterns and additional data to train a new supervised machine learning system incorporating IP reputation, unfamiliar sign-in properties, and other deviations in account behavior. The results of this research led to this month’s release of the new password spray risk detection.” – Alex Weinert, Microsoft Identity Division – Security and Protection Team
This new machine-learning detection is able to detect twice the number of compromised accounts of the previous algorithm.
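To make the shape of a password spray concrete, here is an added example (not Microsoft’s code or algorithm) of a simple rule-based detector run over a constructed sign-in log. It flags a source IP that tries many distinct accounts only once or twice each inside a short window, which is what distinguishes a spray from a brute-force run against a single account, and lists any account that returned a success during the spray so it can be reset. The log lines, IPs, usernames and thresholds are all constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (not real data): timestamp, user, source IP, result.
# 203.0.113.7 sprays one guess across six accounts; 198.51.100.9 hammers one account.
SAMPLE_LOG = """\
2020-10-28T09:00:01Z alice 203.0.113.7 FAIL
2020-10-28T09:00:03Z bob 203.0.113.7 FAIL
2020-10-28T09:00:05Z carol 203.0.113.7 FAIL
2020-10-28T09:00:07Z dave 203.0.113.7 FAIL
2020-10-28T09:00:09Z erin 203.0.113.7 FAIL
2020-10-28T09:00:11Z frank 203.0.113.7 SUCCESS
2020-10-28T09:05:00Z alice 198.51.100.9 FAIL
2020-10-28T09:05:02Z alice 198.51.100.9 FAIL
2020-10-28T09:05:04Z alice 198.51.100.9 FAIL
2020-10-28T09:05:06Z alice 198.51.100.9 FAIL
2020-10-28T09:05:08Z alice 198.51.100.9 FAIL
2020-10-28T09:10:00Z bob 192.0.2.44 SUCCESS
"""

def parse_log(text):
    """Turn the whitespace-separated log into (timestamp, user, ip, result) tuples."""
    events = []
    for line in text.splitlines():
        ts, user, ip, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, result))
    return events

def detect_password_spray(events, window=timedelta(minutes=10),
                          min_accounts=5, max_per_account=2):
    """Return {ip: {"accounts": [...], "succeeded": [...]}} for every source IP that,
    within one window, touched at least min_accounts distinct accounts while never
    trying any single account more than max_per_account times (the spray shape)."""
    by_ip = defaultdict(list)
    for ts, user, ip, result in events:
        by_ip[ip].append((ts, user, result))
    findings = {}
    for ip, rows in by_ip.items():
        rows.sort()
        for i in range(len(rows)):            # slide the window start over each event
            start, counts, succeeded = rows[i][0], defaultdict(int), set()
            for ts, user, result in rows[i:]:
                if ts - start > window:
                    break
                counts[user] += 1
                if result == "SUCCESS":
                    succeeded.add(user)
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                findings[ip] = {"accounts": sorted(counts), "succeeded": sorted(succeeded)}
                break                         # one finding per source IP is enough
    return findings
```

In a real deployment the successful sign-in from the spraying IP (frank here) is the account to reset first, and the thresholds would be tuned against the organisation’s own baseline of failed sign-ins.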
So, there are plenty of steps we can all take to make sure our data is kept safe and sound. All you need to do now is change your habits – and steer clear of ‘123456’!