After cybercriminals hacked into Adobe Systems last year, compromising approximately 38 million encrypted passwords, security researchers launched an investigation into password protection. Through their research, analysts discovered that the worst password a user could employ is no longer ‘password.’
According to InformationWeek, a list of 2013’s worst passwords compiled by password management application company SplashData found that ‘password’ is now the second least secure authentication credential being used today. A surprising number of individuals utilize ‘password’ due to its simplicity and hard-to-forget quality. Cyberthieves are painfully aware of this practice, and can crack any account ‘protected’ by this code with ease, putting endpoint data protection at considerable risk.
However, SplashData found that the absolute worst password, and the most commonly used authentication code in 2013, was ‘123456.’ The company based its research on disclosures of the most frequently used passwords online, including information resulting from the Adobe breach.
According to the list, after ‘password’ and ‘123456,’ other terrible passwords making the cut, in order of ranking, include ‘12345678,’ ‘qwerty,’ and ‘abc123.’ The list also includes ‘123456789,’ ‘111111,’ ‘iloveyou,’ and ‘adobe123.’ Although InformationWeek noted that, nearly a decade ago, Bill Gates predicted that users would rely less and less on passwords over time, insufficient authentication codes will continue to be an issue “for years to come.”
Do’s and Don’ts to boost endpoint security
Experts have compiled endless lists of tips to help users replace their easily cracked passwords with stronger, more secure login credentials. Here are a few do’s and don’ts of password creation aimed at boosting users’ endpoint security.
- Do employ a mix of different characters, including upper and lowercase letters, numbers and special characters
- Do create a long password; eight characters or more is favorable, according to Secure Passwords
- Do have different passwords for every account requiring authentication
- Do utilize a password that you can type quickly and easily, without having to look at the keyboard, Secure Passwords suggested. In this way, if another individual is looking over your shoulder, it will be harder for him or her to determine your password
- Do establish a complex password that is memorable. Security expert and journalist Brian Krebs suggested choosing a collection of words that form a phrase or sentence, such as an easily remembered line of a song or the introduction to a novel. The first letter from each word in the sentence can create a strong, intricate password that is harder for cybercriminals to crack
- Don’t use the same password for any two accounts
- Don’t use easily guessed passwords, such as any of those included in SplashData’s list
- Don’t reuse passwords. If the word or phrase has been utilized to protect another account at any point, choose something different
- Don’t write down passwords or store them in an unencrypted file
- Don’t utilize passwords that may include sensitive personal information, Krebs advised. This can include a user’s birth date, Social Security number, phone number, or names of friends or family members
- Don’t create passwords using words found in the dictionary. Krebs stated that free online tools can easily decode these credentials
- Don’t choose a simple password and replace the letters with numbers, as in pa55w0rd
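
The rules in the list above, written as a screening check that a signup or password-change form could run. This is an added example, not code from the article, SplashData or Krebs: `WORST_2013` holds only the nine passwords quoted above, while the `DICTIONARY` set, the substitution table, the function names and the sample inputs are constructed for illustration.

```python
import string

# Passwords named in SplashData's 2013 list as quoted in the article.
WORST_2013 = {"123456", "password", "12345678", "qwerty", "abc123",
              "123456789", "111111", "iloveyou", "adobe123"}
# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"password", "dragon", "monkey", "sunshine", "welcome"}
# Common digit/symbol-for-letter swaps, undone before the word checks.
LEET = str.maketrans("0134578@$!", "oleastbasi")
PADDING = string.digits + string.punctuation


def normalize(pw):
    """Lower-case and undo simple substitutions: 'pa55w0rd' -> 'password'."""
    return pw.lower().translate(LEET)


def check_password(pw, personal=(), previous=()):
    """Return the list of the article's rules that pw breaks (empty = passes)."""
    problems = []
    plain = normalize(pw)
    # Also test the password with leading/trailing digits and symbols removed,
    # so 'Dragon2014!' is still recognised as the word 'dragon'.
    candidates = {plain, normalize(pw.strip(PADDING))}
    if len(pw) < 8:
        problems.append("shorter than eight characters")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    if sum(any(c in cls for c in pw) for cls in classes) < 4:
        problems.append("missing a character class")
    if pw.lower() in WORST_2013 or plain in WORST_2013:
        problems.append("on the 2013 worst-passwords list")
    if candidates & DICTIONARY:
        problems.append("dictionary word, possibly with substitutions")
    # Personal details are normalized the same way before the substring test.
    if any(p and normalize(p) in plain for p in personal):
        problems.append("contains personal information")
    if pw in previous:
        problems.append("already used on another account")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("123456", "pa55w0rd", "Dragon2014!", "Iw2c@tB,b4i8"):
        print(sample, "->", check_password(sample) or "passes")
```

A real deployment would replace `DICTIONARY` with a full word list and a larger set of breached passwords; the constructed sets here only show how the checks combine.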