Passwords All Employees Should Avoid

by securedatamgt | 03 Feb 2016


Every year the security firm SplashData publishes a list of the most commonly used passwords from users based in America and Western Europe (where large-scale data breaches are most frequent).

New passwords are added to the list every year, with some classics such as ‘12345’ almost guaranteed to make an appearance. These passwords are the most easily cracked during a data breach. Obviously, any passwords that appear on the list below should be avoided, as their use could lead to a data protection and information security breach.

Top 10 Most Used Passwords:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball

If these passwords look familiar, it might be time to come up with some new ones. SplashData has released a list of the 25 most common passwords. It’s worth browsing through this list in its entirety for entertainment as well as IT security purposes.

Star Wars came in at number 25, with other Star Wars references such as ‘princess’ and ‘solo’ also creeping into the top 25, a boost in popularity no doubt due to the success of the latest hit movie in the sci-fi franchise. Whilst these passwords probably won’t appear so high up in next year’s list, it is best in general to stay away from passwords that are particularly current in popular culture.

The list is a stark reminder of just how easy it is for hackers to access users’ digital information. It demonstrates that many are still not heeding basic IT security advice which is so easy to get right. SplashData compiles its list by looking at 2 million passwords that have been disclosed after security breaches in the past 12 months; the method the firm uses to compile its list of shame shows that these weak passwords really can be used as a gateway by cyber criminals looking to infiltrate users’ data.

Secure Password Tips

At this point it is probably worth reiterating some of the most important rules when it comes to creating a new password. If one is following basic cyber security advice, this should be done on a regular basis. While most of these rules may seem pretty obvious, it is clear from the list above they are still being ignored.

  1. Never use the same password for multiple accounts.

  2. Use a mixture of upper and lower case letters as well as numbers.

  3. Stay away from using personal details in passwords such as a date of birth or the name of a family pet.

  4. Have a password that is at least 12 characters long.

  5. If you don’t trust your own creativity there are password manager programs that can help.
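The list of common passwords and tips 2 to 4 above can be enforced at the moment an employee sets a password. The following is an added example, not part of the original article: the function names, the `personal_details` argument, the small character-substitution map and the "starwars" spelling are assumptions. Tip 1 (reuse across accounts) cannot be checked by a single system and is left out.

```python
import re

# Top 10 from the list above plus the pop-culture entries the article names.
# "starwars" is an assumed spelling of the Star Wars entry.
COMMON = {"123456", "password", "12345678", "qwerty", "12345", "123456789",
          "football", "1234", "1234567", "baseball",
          "princess", "solo", "starwars"}

# Assumed, deliberately small substitution map: P@$$w0rd -> password.
LEET = str.maketrans("@$0", "aso")


def _alnum(text):
    """Lower-case and keep only letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def _variants(password):
    """Forms compared against COMMON: as typed, substitutions undone, trailing digits dropped."""
    forms = set()
    for base in (password.lower(), password.lower().translate(LEET)):
        norm = _alnum(base)
        forms.update({norm, norm.rstrip("0123456789")})
    return forms


def check_password(password, personal_details=()):
    """Return the list of violated rules; an empty list means the password passes."""
    problems = []
    if _variants(password) & COMMON:
        problems.append("common")
    if len(password) < 12:                      # tip 4
        problems.append("too_short")
    if not all(re.search(p, password) for p in (r"[a-z]", r"[A-Z]", r"\d")):  # tip 2
        problems.append("needs_mixed_case_and_digit")
    norm = _alnum(password)
    for detail in personal_details:             # tip 3
        d = _alnum(detail)
        if len(d) >= 3 and d in norm:
            problems.append("contains_personal_detail")
            break
    return problems
```

A password such as `Football2016` satisfies the length and character-mix tips yet is still rejected, because dropping the trailing digits leaves an entry from the common list.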

For employers who might be concerned that their employees aren’t following the rules listed above, there are those in the tech world looking to solve this problem by creating hardware which can store passwords en masse and protect these passwords from being leaked by storing them away from a business’s main network. A British firm, Silicon Safe, has produced such a device which has already been tested by UK businesses and will be available for others to purchase in the spring for £100,000.

The hardware can easily integrate with a company’s existing IT infrastructure and has proven resilient against all staged hacking attempts so far. Its maintenance costs are minimal and the firm claims that it will be straightforward for IT departments to manage.

Other firms have been promoting password replacements such as fingerprint authentication and two-step identity authentication processes. Despite this, most users still use passwords for the majority, if not all, of their cyber security needs. Having a secure password is still absolutely key for IT security, whether a business possesses the newest hardware or not.