x Abu Dhabi, UAEThursday 27 July 2017

No safety in numbers, list of worst passwords shows

A list of the worst passwords to use online from 2013 has been published.

ABU DHABI // When it comes to computer passwords, do you like to keep it simple? Do you use the same pass for different accounts? Is your password “123456”?

If the answer to the last question is yes, you officially have the worst password of 2013, the application firm SplashData says.

And Global Security Network in Abu Dhabi is strongly advising users to choose different passwords for each account as the threat of cyber crime grows across the region.

SplashData, which revealed that the sequence “123456” had unseated the ever-popular “password” as the worst password to use online, has released the 25 least secure passwords for last year.

Among them were “qwerty”, “abc123”, “admin” and, perhaps the not so obvious but still extremely common, “monkey” and “shadow” – all of which leave users at risk of their privacy being compromised by hackers.

The top 25 was complied from leaked lists of passwords obtained by hackers throughout the year.

“Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” says Morgan Slain, chief executive of SplashData.

“As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”

According to guidelines from the cyber-security body United Arab Emirates Computer Emergency Response Team (aeCERT) – “a good password is one that is not easily guessed or cracked”.

“When creating a password, you should select one that is at least eight characters in length, contains a mixture of upper and lower case characters, contains numbers and contains special characters,” the guidelines say.

“The problem for many users is being able to remember so many passwords as we frequently sign up to more and more online services.

“One way to create a strong password that is easy to remember is to use a ‘passphrase’. Think of a phrase that you can easily remember.

“Then use elements of this phrase, such as the first two letters of each word, to create your password. Add in a mix of numbers, cases, and special characters, and you have a good password that is also easy to remember.

“A common hacker tool, called a password cracker, attempts to guess your password by using all the words in the dictionary, and even some common variations,” aeCERT continued.

“Using a strong password makes it less likely that a password cracker will succeed in guessing your password.”

Protecting your online information has taken a new focus as the threat of cyber crime increases across the region.

Figures from a recent study by Symantec show as many as half of the UAE’s smartphones were hacked in some way last year.

It also highlighted that 56 per cent of users grossly underestimate the risks of malware being present on their devices.

“The first thing is you should be using different passwords for your different accounts,” said Gilles Loridon, chief executive of Global Security Network.

“The most important thing is that your passwords for Gmail or Yahoo and your banking account, for example, are different. If one of the accounts is compromised, which is very likely on your email account, then every other account is accessible.”

Mr Loridon agreed that the key to remembering all those different passwords is to use a passphrase.

“For example you remember that your phrase is ‘I love my wife Mary and our two kids’. You then use the first letters of each word – then you have a longer password, then you add special characters.

“The minimum should be 10 characters. Ideally you should change your passwords every three months.

As technology improves, the days of having to remember passwords may become obsolete as biometric data is used.

Fingerprint and eye scanners are increasingly featuring in newly released technology such as the iPhone 5s – which unlocks by scanning your finger.

These, however, depend on hardware, not just software, so it may be a while before they become widely available.

ksinclair@thenational.ae