How Good is Your Digital Security?

23/01/2015

The top 25 most commonly used passwords of 2014 have been released. How do both your personal and business IT security practices stack up against easy-to-guess passwords, and what can you do to increase your protection?

The 2014 list of most commonly used passwords has been released! While this might not excite everyone, it does make for interesting reading. These lists are compiled from the many sets of leaked passwords (usually put up for sale or released publicly) that result from hacks and data breaches at companies and organisations around the world that hold website login data. While the data is unscrupulous in its origin, it gives you a really good idea about the security habits of the average computer user.

The Most Commonly Used Passwords of 2014

The 2014 list looks like this; does any of it look familiar to you?

  1. 123456
  2. Password
  3. 12345
  4. 12345678
  5. Qwerty
  6. 1234567890
  7. 1234
  8. Baseball
  9. Dragon
  10. Football
  11. 1234567
  12. Monkey
  13. letmein
  14. abc123
  15. 111111
  16. Mustang
  17. Access
  18. Shadow
  19. Master
  20. Michael
  21. Superman
  22. 696969
  23. 123123
  24. Batman
  25. trustno1

Source: CIO.com

The top seven are the usual suspects and come up year after year. When needing (legitimately, it has to be said) access to a user’s computer when they were away from their desk, “password” is the first one I try and it’s shocking how often it works first time! Beyond that, the user’s name, their children’s names or partners’ names were next, followed by any pets’ names. The latter always works better if there’s a reminder on their desk such as a picture of a pet dog!

Of course, this doesn’t only apply to personal security on websites. It applies specifically to eCommerce online shops that potentially hold payment/credit card information: your shopping cart system is out there 24/7 while automated scripts across the globe are seeking out new vulnerabilities and open doors in security. Could your business afford the reputation damage of someone attempting the username “admin” and the password “password” on your online offering?

If any of the above sounds familiar or concerning then perhaps it’s time to rethink your online security. When attempting to break into a login form many hackers automate the job and use a method called a “Dictionary Attack” whereby they can try every word in a dictionary. Because it’s a computer carrying out the attack, they’re able to attempt many different combinations every second. The above list of passwords will be added to that list of attempts. If your password is found either above or in a dictionary then you’re at risk.

What To Do About It

The most obvious advice is to choose better passwords – the more random the better. The longer the better as well, just to add further obfuscation. Replacing letters such as ‘L’ and ‘I’ with a ‘1’, while better than keeping the original letter, is now well known to hackers and it doesn’t take them very long to add these variations to their list of passwords to attempt.
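The point about letter substitutions, as an added example (not code from the original post): a check that a sign-up or password-change form could run to reject the 25 passwords listed above along with their upper/lower-case and look-alike-character variants. The substitution table and the function names are assumptions made for illustration.

```python
# Added example: reject the 2014 list above plus case and look-alike variants.
COMMON_2014 = [
    "123456", "Password", "12345", "12345678", "Qwerty", "1234567890",
    "1234", "Baseball", "Dragon", "Football", "1234567", "Monkey",
    "letmein", "abc123", "111111", "Mustang", "Access", "Shadow",
    "Master", "Michael", "Superman", "696969", "123123", "Batman",
    "trustno1",
]

# Assumed look-alike classes: every character in a class folds to one
# representative, so "i", "l", "!" and "1" all compare as equal.
_FOLD = str.maketrans({
    "i": "1", "l": "1", "!": "1",
    "e": "3",
    "a": "4", "@": "4",
    "s": "5", "$": "5",
    "o": "0",
    "t": "7",
})


def canonical(password):
    """Lower-case the password and fold look-alike characters together."""
    return password.lower().translate(_FOLD)


# Canonical form -> the listed password it came from.
_BLOCKED = {canonical(p): p for p in COMMON_2014}


def matched_common_password(candidate):
    """Return the listed password that `candidate` is a variant of, else None."""
    return _BLOCKED.get(canonical(candidate))


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real breach data.
    for attempt in ["P@ssw0rd", "M1chae1", "TRUSTNO1", "Dr@g0n",
                    "correct horse battery staple"]:
        hit = matched_common_password(attempt)
        verdict = f"rejected (variant of {hit!r})" if hit else "not on the list"
        print(f"{attempt!r}: {verdict}")
```

Passing this check only means the password is not a variant of the 25 listed here; it says nothing about whether it appears in a larger dictionary.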

There are services available, some of which offer free options, that can become your secure password library. They suggest randomly generated passwords of any length and then store them. When you arrive at your website’s login page, the service can then pre-populate your login form, meaning that you can have the most complex password the world has ever seen and not even know it yourself! These services include, though are not limited to;

Better Than A Password!

The Information Security industry is always making loud noises about how outdated and fallible security with a password is but, at least at the moment, there is no better and affordable alternative. Like anything, though, you can always make improvements and there are additional barriers that you can put in place to protect yourself and your business. Two Factor Authentication means that, using your phone, you can verify that it’s you sat at a computer trying to log into your website. Not only do you need to know your password but you also need your phone with you.

Speak To Us

Spiral Media work with eCommerce online store managers across a wide range of industries and if you’re at all concerned about your online security then give us a call.