Unauthorised computer system or network access can be a major problem for businesses, with potential consequences ranging from loss of valuable data or trade secrets to financial and reputational loss. One of the most common ways for hackers to gain this unauthorised access is through the low-tech method of guessing passwords. This is usually done with a program or script that quickly runs through easily guessed and commonly used passwords.
Weak passwords enable hackers to easily gain access to and control of a computing device, software, or application. A 2019 report published by the UK National Cyber Security Centre (NCSC) analysed passwords belonging to accounts worldwide that had been breached. The report found that ‘123456’ was the most common password, with 23.2 million accounts using it, followed by ‘123456789’ with 7.7 million accounts and then ‘qwerty’ and ‘password’, each used by more than three million accounts.
Businesses need to be aware of these common passwords and should set requirements that prevent users from protecting sensitive information with such basic, easily guessed passwords. Passwords should contain at least ten characters and be a combination of characters such as upper and lower-case letters, numbers and symbols.
Password re-use is also a risk for both individuals and businesses. Attackers who succeed in gaining access will test the same password against other secured areas, making it imperative to have different credentials across various secure access points.
The issue with creating numerous and complex passwords is the challenge of remembering them. These passwords should never be written down as a memory aid. Instead, a user should try to use passwords that are sufficiently complex but easy to memorise for each application as required.
Should remembering various passwords be too challenging, businesses should consider promoting the use of password managers to their employees. These applications securely store and generate strong passwords, increasing your business’s protection against these attacks.
Password managers store all your credentials in one place, which may not seem the most secure approach. However, these applications tend to use some of the strongest encryption technology in the industry. Using the strong passwords they generate can make you and your business’s digital life much more secure than re-using the same password across multiple accounts.
Consider encouraging the use of these tools across your business to improve its cyber-safety and ensure common passwords like ‘123456’ and similar variants aren’t available for use.
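The password rules described above (at least ten characters, a mix of character types, and no ‘123456’ or similar variants) can be enforced at the point where a user chooses a password. The Python code below is an added example, not part of the original article; the function names, the four-entry denylist, the requirement for all four character types and the six-character leftover threshold are assumptions made for illustration.

```python
import re

MIN_LENGTH = 10   # minimum length recommended in the article
MIN_RESIDUE = 6   # assumption: fewer leftover characters means "variant"
# Constructed denylist: the four passwords named in the NCSC figures above.
# A real deployment would load a much larger list of breached passwords.
COMMON = {"123456", "123456789", "qwerty", "password"}
# Undo common character substitutions so "p@ssw0rd" reads as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                      "$": "s", "5": "s", "1": "l"})
# Assumption: all four character classes the article lists are required.
CLASSES = {
    "lower-case letter": r"[a-z]",
    "upper-case letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def is_common_variant(password):
    """True if the password is a denylisted string plus light decoration."""
    lowered = password.lower()
    for form in (lowered, lowered.translate(LEET)):
        left = form
        # Remove longest entries first so "123456789" wins over "123456".
        for common in sorted(COMMON, key=len, reverse=True):
            left = left.replace(common, "")
        if left != form and len(left) < MIN_RESIDUE:
            return True
    return False


def check_password(password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    if is_common_variant(password):
        problems.append("based on a commonly used password")
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "Password2024!", "P@ssw0rd!!Xy",
                      "correct-Horse-battery-7"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

Passwords such as ‘Password2024!’ meet the length and character-type rules yet are still rejected, because removing the denylisted word leaves only a few characters of decoration.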