SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
New year, time to update your passwords
Thu, 7th Jan 2021

The FBI issued a call to action for people to start their New Year with new passwords.

With various data breaches happening every day, it is important to maintain good cyber hygiene, and New Year's is a great opportunity to adopt this new habit.

According to Risk Based Security, 2020 was already the worst year on record by the end of Q2 in terms of the total number of exposed records.

Furthermore, in the first three quarters of 2020, there were 2,953 publicly reported breaches.

The password manager NordPass has recently released its annual research on the most common passwords of the year.

The most popular passwords of 2020 were easy-to-guess options: number combinations such as 123456, the word password, qwerty, iloveyou, and other uncomplicated choices.

Despite the constant reminders from cybersecurity experts, after comparing the list of the most common passwords of 2020 with the same list from 2019, it became clear that people are still using simple passwords, NordPass states.

For example, the password that was first on the list in 2020 was second in 2019, and the second most popular password of 2020 was third in 2019.

NordPass security expert Chad Hammond says, “Most of these passwords can be hacked in less than a second. Also, they have already been exposed in previous data breaches.

“For example, the most popular password 123456 has been breached 23,597,311 times.”

The security expert also warns about the threats of not using a unique password or using one that's easy to hack.

Hammond says, “Your weak passwords can be used for credential stuffing attacks, where the breached logins are used to gain unauthorised access to users' accounts.

“If you fall victim to a credential stuffing attack, you might lose your Facebook or another important account with all its contents.

“Also, your email address could be used for phishing attacks or for scamming your family and friends, who may very well fall for it, as the email will supposedly be coming from you. Weak passwords can also be brute forced.”

In terms of expert recommendations, Hammond says, “We recommend that people use strong passwords that are lengthy and contain letters, numbers, and special characters.

“In addition to that, the passwords must be unique for every account. Furthermore, it's a good idea to use multi-factor authentication to enhance your protection even further.”

For the NordPass research, the list of passwords was compiled in partnership with a third-party company specialising in data breach research. They evaluated a database that contained 275,699,516 passwords in total.