Passwords are the gateway to all of our personal data. Whether it’s our online banking or social media profiles, there is a password in place to ensure that the information inside is kept private. But what if these passwords are not doing the job that they are intended for?
I’m sure you’ve seen it many times – when trying to create an account for an online profile, the website asks you for a password which must adhere to a list of rules: more than eight characters, at least one number, one symbol, and a mixture of upper and lower case letters. Although they make the process awkward and often frustrating, these stipulations are essential in order to keep your details secure.
It is best to keep all of your passwords unique to each profile and not to re-use a password. Therefore, if someone gains access to one of your passwords, they still cannot get into any other account.
In addition to this, having a weak password leaves your account vulnerable to hackers simply guessing the password. Common words and character patterns are predictable and therefore easy for hackers to try in order to gain access. Data sets like the one from Have I Been Pwned disclose the most commonly found passwords in breaches of online accounts.
The most commonly used password, according to Have I Been Pwned and NCSC data, is, probably unsurprisingly, 123456, with the rest of the top ten following equally simplistic patterns.
Top 10 most commonly leaked passwords:
From this it is clear that it is important not to use an easily guessable password. But that doesn’t necessarily mean that a random word will be secure. For example, the password ‘jamesbond007’ is recorded as being seen 15,508 times by hackers. Sports team names are commonly used, with Liverpool taking the top spot for those in the Premier League. Blink-182 was the most used band name.
In total, Have I Been Pwned has records of over 550 million passwords. You can check whether your password or other details have been leaked by using the secure search function on their site.
Therefore, in order to maintain a unique, strong password for every site you visit, you are likely to need some assistance to keep track of each one. This is where password managers are useful. These programmes can be independent applications or included in your web browser or operating system. Services such as Apple’s Keychain allow for secure storage of all saved passwords in one central location accessed through your computer or mobile device. These passwords can then either be auto-filled into the field when you log in, or viewed by opening the password manager programme.
To create a strong password, we recommend a randomisation site such as random.org to create each unique password. This site creates up to 100 passwords at a time at whatever length you specify and avoids using easily-confused characters like I (upper case i) and l (lower case L).
By using a random generator in conjunction with a password manager, you can ensure that each of your accounts is secure and not linked to the others. See our full list of recommendations for making sure a password is secure below:
- Have at least 13 letters
- Include at least one number
- Use a mixture of uppercase and lowercase letters
- If possible, use a password generator to create a random string of characters
- Do not use a common word, name or string of numbers
- Do not use the same password for multiple sites
- Use a password manager to keep your passwords safe
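
The checklist above can be expressed as a short Python script. This is an added example, not code from SeaBro IT or random.org: it generates a random password from the operating system's secure random source, leaves out easily confused characters, and checks any password against the list. The `AMBIGUOUS` character set, the two-entry `COMMON` sample and the function names are assumptions made for illustration.

```python
import secrets
import string

# Characters that are easy to confuse when read or typed (assumed set).
AMBIGUOUS = set("Il1O0")
ALPHABET = [c for c in string.ascii_letters + string.digits if c not in AMBIGUOUS]

# Constructed sample of known-bad passwords: the two named in the article.
# A real check would load a full breach list instead.
COMMON = {"123456", "jamesbond007"}

MIN_LENGTH = 13  # the article's minimum, read here as 13 characters


def check_password(password, previously_used=()):
    """Return the checklist items the password fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 13 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("no mix of upper and lower case")
    if password.lower() in COMMON:
        problems.append("common password")
    if password in previously_used:
        problems.append("already used on another site")
    return problems


def generate_password(length=16, previously_used=()):
    """Draw from the OS secure random source until every check passes."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 13")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check_password(candidate, previously_used):
            return candidate


if __name__ == "__main__":
    print(generate_password(20))
    print(check_password("jamesbond007"))
```

Generated passwords should go straight into a password manager rather than being written down or reused.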
Although correct password procedures are important, they are not the only way your business data can be left unprotected. Contact SeaBro IT today to find out how we can help you defend your information from hackers.