“People who use well-known words or names for a password put themselves and other people at risk of being hacked”, said Dr Ian Levy, technical director of the National Cyber Security Council.
“Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” he said.
For its first cyber-survey published this month, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used.
Top of the list was 123456, appearing in more than 23 million passwords! The second-most popular string, 123456789, was not much harder to crack, while others in the top five included “qwerty”, “password” and 1111111. The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.
Three random but memorable words are the best bet
The study helped to uncover the gaps in cyber-knowledge that could leave people in danger of being exploited. The NCSC said people should string three random but memorable words together to use as a strong password.
Only 15% confident they can protect themselves online
The NCSC found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online. Fewer than half of those questioned used a separate, hard-to-guess password for their main email account.
Security expert Troy Hunt, who maintains a database of hacked account data, said picking a good password was the “single biggest control” people had over their online security.
Letting people know which passwords were widely used should drive users to make better choices, he said.
This concerning news was published at the NCSC’s Cyber UK conference attended by Katy Hinchcliffe, Littlefish’s Head of Cyber Security, in Glasgow this week, 24-25th April.
The report was featured on the BBC here: https://www.bbc.co.uk/news/technology-47974583
About Katy Hinchcliffe
Littlefish Head of Cyber Security Katy Hinchcliffe is a highly regarded cyber security leader. With over a decade’s experience delivering a broad range of cyber security services to enterprise clients for global IT outsourcer Capgemini, notably managing the prevent, detect and respond functions on behalf of Rolls-Royce, Katy is now responsible for developing Littlefish’s Cyber Security practice.