Using 123456 for your password? You may want to change it
A survey has found the number string was the most widely-used password among accounts that had been breached
If you are using the password 123456, you are by no means alone. But you may want to consider changing it to something harder that is a little harder to crack.
A new survey has found the password 123456 was the most widely-used password on accounts that had been breached.
The study, by the UK’s National Cyber Security Centre (NCSC), searched public databases of accounts that had been hacked to see which passwords were the most popular.
The number string 123456 came out on top - appearing in more than 23 million passwords - while the second most popular was the slightly extended version, 123456789.
Others in the top five included the words ‘qwerty,’ ‘password’ and the string of numbers ‘1111111’. Passwords also included first names as well as references to Premier League football teams, such as ‘Liverpool are champions’.
“We’ve seen password123, we have seen first name and last name [and] we have seen date of birth,” said Rabih Dabboussi, senior vice president of business development at UAE cyber security contractors DarkMatter.
“I would say this is a problem across the globe. Our [own] findings are fairly consistent with other cyber surveys and reports.”
Weak passwords, outdated and unsupported software were recently identified as the top three cyber security threats facing the UAE.
A study by DarkMatter between July and September 2018, identified around 276,000 system vulnerabilities across nearly 800,000 UAE affiliated websites, hosts and domains.
More than a third of the vulnerabilities were rated “high” or “critical” with weak passwords being a major cause.
Experts said passwords should ideally be as long and as complex as possible.
“For historic systems, the password was typically eight characters,” said Mr Dabboussi. Our recommendation is 14 plus.
“The complexity of the password is important. The standard recommendation is to use multiple character types including lower case, upper case, numbers and symbols and at least four of those in a single password.”
Other common security mistakes made by the public include creating a file entitled ‘password’ to collate them all together.
The name makes it easy for hackers to find should they be successful in hacking the system storing the file.
In recent years the UAE has rolled out a number of cyber security initiatives including appointing school ‘ambassadors’ for electronic security.
The pupils, aged between 14 and 18, aim to raise awareness of good security practices among the public.
“A password should never be shared with anyone - not a close friend, family member, other employee, an IT employee, not your boss,” said Mr Dabboussi.
Updated: April 21, 2019 03:38 PM