22 January 2015
I couldn’t believe my eyes yesterday when I came across the revised list of our most commonly used passwords. The 2014 version, compiled by SplashData, lists publicly leaked passwords (which is evidence in itself of their ineffectiveness) and must be like Christmas come early for cybercriminals.
What’s most surprising about it is that ‘123456’ and ‘password’ are still the most frequently used of all! And when you look a little deeper into the story, you realise these two passwords have actually held the top two spots since 2011. The new additions to the list aren’t great either, and include ‘batman’ and ‘superman’, which – in reality – will save you from nothing.
I think we sometimes fall prey to an ‘out of sight, out of mind’ mentality, whereby we can’t see the threat so we don’t deal with it. Cybercrime – like many forms of crime – seems to happen to other people, not us. Yet this mentality creates a false sense of security. If you use the same short, easy-to-guess password for every account, then you’re an easy target for cybercriminals.
Hackers use password-cracking software that draws on a dictionary of words, trying multiple combinations of these words until the correct password is found, so cracking an account is not that time-intensive. The advice for protecting yourself remains the same: use phrases instead of dictionary words, and replace some letters with numbers and symbols.
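To show the defender's side of this, here is an added example (not part of the original post, and not SplashData's code) of a sign-up check that rejects the passwords named in this post, including variants that only swap in look-alike characters or append digits. The function names, the look-alike table and the 12-character minimum are assumptions made for illustration.

```python
# Added example: screen a candidate password at sign-up time.
# DENYLIST holds only the passwords named in this post; a real deployment
# would load a much larger leaked-password list (assumption).
DENYLIST = {"123456", "password", "12345", "batman", "superman"}
MIN_LENGTH = 12  # assumed policy value, not from the post

# Look-alike substitutions that are undone before the denylist lookup.
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                            "0": "o", "$": "s", "5": "s", "7": "t"})
TRAILING = "0123456789!@#$%^&*._-"  # padding commonly appended to a word


def candidates(password):
    """Return the forms of the password that are compared with the list."""
    lowered = password.lower()
    stripped = lowered.rstrip(TRAILING)  # drop appended digits and symbols
    return {lowered, stripped,
            lowered.translate(LOOKALIKES), stripped.translate(LOOKALIKES)}


def screen_password(password):
    """Return the reasons to reject the password (empty list means accept)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if candidates(password) & DENYLIST:
        reasons.append("matches a commonly used password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["123456", "batman", "P@ssw0rd1", "Sup3rm@n!",
               "Password12345678", "teal heron on the homepage banner"]
    for pw in samples:
        print(repr(pw), screen_password(pw) or "accepted")
```

A listed word with a few characters swapped or some digits appended is still rejected, while the longer phrase is accepted.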
One of the arguments I often hear is that it’s difficult to remember different passwords for different accounts; however, you can use association to help you. For example, if the homepage of a certain website has an image or colour that prompts a certain thought or association, use that as the basis for your password. Multi-factor authentication is another way to secure your accounts, and a lot of sites, like Gmail, are quite proactive about getting you to set this up.
So, if your password for all of your accounts is currently ‘12345’ or even ‘batman’, it might be time for a rethink.