A study from the National Cyber Security Centre (NCSC) has found millions of Brits are using their pet’s name as their online password despite it being an easy target for hackers.
<p>Using easily guessable passwords, such as a pet’s name or a favourite football team, is a sure way to see your details up for sale on the dark web.</p>
<p>Personal information is often readily available on social media, where cybercriminals can find the details most commonly used in passwords and employ trial and error techniques to gain access to a user’s account. Common slip-ups in online security posture can then go on to have potentially devastating consequences for those involved.</p>
<p>We’ve all grown accustomed to hearing news of data breaches, but people fail to understand how easily their details could end up in the wrong hands. Our research revealed the average Brit uses the same password across four accounts in their personal and professional lives, and this level of complacency could easily see a user’s details end up on one of the huge databases sold in hacker communities.</p>
<p>Online security risks have risen substantially over the past year, but employing basic password security practices will go a long way in keeping users secure. This means using long, randomly generated passwords that are unique to every single account and contain lower and uppercase letters, digits and symbols. Simple solutions like password managers also kill two birds with one stone as they can be used to both generate and store unique passwords for every log-in.</p>
<p>The recent study from the NCSC highlights just how imperative it is we talk about the problem of password reuse and opting for easy-to-remember terms such as a pet’s name. Many of us recognise this problem, but as human beings we will continue to opt for easy passwords – it’s a habit of convenience. Even the growing trend of forcing users to update their passwords regularly is not helping as the majority of people are just numbering their passwords, or cycling through a handful of regulars. With data breaches hitting the news on an almost weekly basis, and ‘credential stuffing’ techniques being used to great effectiveness against organisations, this does very little to impede a cybercriminal.</p>
<p>Training up an individual on best practice is one thing, but for reliable security we have to look for ways of removing the human element from this process as well as enforcing multi-factor authentication. There is always the potential for human exploitation by the simple fact that humans are present in our day-to-day processes, but let’s take password guessing and cracking out of the equation. In addition, this shouldn’t just come to the individual to implement either; organisations also have a responsibility and they need to take security seriously by enforcing multi-factor authentication. We are starting to see promises of this happen, especially from social media platforms, when it comes to key influencer accounts – but it is not happening enough.</p>
<p>Our passwords are the gateway to a plethora of valuable personal data that should never be openly shared. This is why we urge everyone to be extremely careful of the login credentials they set; using weak or obvious passwords such as pet or family names is as good as shouting your secure information to a passerby. Whilst seeing that 40% of respondents said they had never used an easily guessed item as a part of a password is encouraging, there is clearly work and education to be done for many. Often consumers are complacent to attacks if they do not think they are at risk, but it’s important not to take chances with weak passwords, and choose secure ones made up of random words. More importantly, you should never reuse them. While convenient and easier to remember, just as you wouldn’t use one lock and key for every possession of value, you shouldn’t do it online. Implementing a password manager can help people create complex passwords. In addition, consumers should also consider using two-factor authentication where available, as it adds an essential layer of security.</p>
Information Security Buzz (aka ISBuzz News) is an independent resource that provides experts’ comments, analysis and opinion on the latest Information Security news and topics.