As we enter the New Year, there is always a rush to establish what we learned from the previous year and report it. 2015 is no exception: a recent report on the BBC Newsbeat website, which publishes the list of the most popular passwords of 2015, gives a stark warning to all IT professionals about allowing users to set their own passwords.
Yes, People Really Do Use These Passwords
- At the top of the list is “123456” – an all-time favourite and surely the most obvious password historically.
- Second, and also a regular favourite for the list, is “password”. Not even with a mix of upper and lower case – just the word.
- Positions 3, 5, 6, 8 and 9 are all variations on the top password, in that they are consecutive numbers (123 and so on) – you get the picture.
- Intellectuals probably smile confidently as they use “qwerty”, 4th on the list, for their sensitive data, stunned by their own cleverness no doubt.
- Sports now start to appear, so “football” and “baseball” are in places 7 and 10.
- For an event-driven entry, “starwars” comes in at 25.
We could go on, but despair is eating away at us. A child could break these passwords, let alone a cyber criminal.
Lessons to be learned
The weakest link in your security can often be your users, so enforce a sensible password security regime that at least:
- makes users enter a strong password
- enforces regular resetting to a new password
- locks services if too many incorrect password attempts are detected
- encrypts stored passwords in case of a security breach
- resets passwords when staff leave so they cannot access their accounts from outside of your business
Users will take the easy way out, especially with company systems, if you allow them to, so make sure a policy is in place and is being followed.
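The first and third points in the list above, as an added Python example (not code from the original article). The blocklist holds only the passwords the article names; the minimum length, failure threshold and lockout duration are assumed values, and the function and class names are hypothetical.

```python
import time

# Passwords the article names from the 2015 list (compared in lower case).
NAMED_ON_PAGE = {"123456", "password", "qwerty", "football", "baseball", "starwars"}
MIN_LENGTH = 12        # assumed policy value, not from the article
MAX_FAILURES = 5       # assumed lockout threshold
LOCKOUT_SECONDS = 900  # assumed lockout duration
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_sequence(pw):
    """True for runs such as 12345678, abcdef or 987654 (each step +1 or -1)."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps == {1} or steps == {-1}


def password_problems(pw):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    low = pw.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if low in NAMED_ON_PAGE:
        problems.append("on the common-password list")
    if is_sequence(low) or any(low in row for row in KEYBOARD_ROWS):
        problems.append("simple sequence or keyboard row")
    return problems


class LoginThrottle:
    """Locks an account after MAX_FAILURES consecutive bad passwords."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.failures = {}      # user -> consecutive failure count
        self.locked_until = {}  # user -> clock value at which the lock expires

    def is_locked(self, user):
        return self.clock() < self.locked_until.get(user, 0.0)

    def record(self, user, success):
        if success:
            self.failures.pop(user, None)
            return
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= MAX_FAILURES:
            self.locked_until[user] = self.clock() + LOCKOUT_SECONDS
            self.failures[user] = 0
```

Call `password_problems` when a user sets a password, and check `is_locked` before verifying a login attempt, then pass the outcome to `record`.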
For further computer security advice or a review of your current arrangements, please contact us.