Password manager solutions provider NordPass has just issued findings on the 200 most commonly used passwords of 2020. Some of the most commonly used passwords remain “123456,” “123456789,” “111111” and “password,” as do “pokemon” and “princess.” Cybersecurity experts offer thoughts.
Re the NordPass findings of worst passwords of 2020 – where after analyzing 275,699,516 passwords leaked during 2020 data breaches, NordPass and partners found that the most common passwords are incredibly easy to guess — and it could take less than a second or two for attackers to break into accounts using these credentials. Only 44% of those recorded were considered “unique.”
It’s great that NordPass is reminding us that things have not changed. This shows that people don’t see themselves as targets, because if they knew they were, they’d act differently. It’s as if the thinking is: if it hasn’t happened yet, why should I care?
Cybersecurity is about preventing fires rather than putting them out and dealing with the damage. Security is about preventing both the attack and its aftereffects: ATOs, ID thefts, the revelations of personal data & medical histories, etc. The reality is that until and unless we push out that information through broad channels to consumers who aren’t particularly interested in security or even technology, people will only care when awful things start happening to them or those they love.
It is time for a broad, government-driven awareness campaign. Companies need to join this awareness by insisting on longer, unique passwords, the use of password strengthening tools, and regular requirements to update passwords, supported by email campaigns.
Pretty much everyone’s data is out there now. It’s time to start protecting our population through education. After all, very few would put all of their monies in a bank with unlockable doors and vaults. Ignoring cybersecurity risk factors such as weak, obvious passwords boils down to the same thing.
Passwords have long been the bane of people’s lives. Therefore, to make them easier to remember, people often use familiar words and phrases multiple times across different accounts. However, threat actors are well aware of this and know how to abuse this mindset.
Password managers, which can hold all our passwords securely, are the answer to this problem. Although many people think that putting all their passwords in one place on the cloud could make them vulnerable to attack, the opposite is in fact true. The clever use of two-factor authentication (2FA) and robust encryption are a far stronger mix than having to remember 100s of accounts, each with three random words.
Furthermore, to fully protect your IoT devices, you should look at implementing 2FA on each of the devices too.
The top 200 most common passwords report, sadly, has no real surprises. Security professionals have been trying to teach good password hygiene for decades and it seems that people don’t want to learn the lesson.
We have tools such as behavior analytics that can identify a compromised user, and there are tools like password managers and multi-factor authentication that make authentication more secure. But we’ll continue having these problems when users make it so easy for the bad guys by using painfully insecure passwords.