In 2010, typed passwords remain the principal method for logging into various accounts on the internet. Despite the critical part that passwords play in securing access to email, Facebook or bank accounts, many users still use unsuitable and simple passwords.
The danger of a password being guessed by way of a dictionary attack or brute force process increases greatly with a simple password or one commonly used by others. The problem is compounded when such users also employ the same password across all their different accounts accessed via the internet; namely email, social networks, bank accounts and workplace networks. Once a hacker has breached the password for one account, with some more work they can cascade through to other accounts and steal the identity of the user.
Recent surveys of compromised accounts have revealed some of the most obvious and easy to guess / crack passwords, including:
1. 123456
2. Password
3. Qwerty
4. iloveyou
5. Princess
6. Welcome
7. abc123
8. Dragon
9. Football
10. 777777
Some slightly more bizarre passwords, still popular enough to be known to hackers and dictionary attack programs, are:
1. ncc1701 – The ship number for the Starship Enterprise
2. abbaabba – Reference to the Swedish pop group
3. qazwsx – Similar to the qwerty pattern when typed on a typical keyboard
4. 221bbakerstreet – The fictitious address for Sherlock Holmes
5. ou812 – The title of a 1988 Van Halen album
Improve the strength of your passwords
Experts recommend a number of improvements to strengthen your passwords and make them harder to guess or hack:
1. The password should contain at least eight characters
2. It should contain a mix of four different types of characters (i.e. upper case, lower case, numbers and symbols)
3. It should not be a name, normal word, date of birth, street address, team name or contain any part of your own name, car plate number or email address
4. It should not be stored unencrypted on your PC or phone
5. It should be changed regularly, at least once a month
6. You should have more than one password for different websites [such as social networking] whilst the password for your bank account etc should be unique
7. It should not be shared with anyone else and not disclosed to any 'IT support' people phoning you to give assistance
8. It should not be written down on paper left in a place with public access
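Rules 1 to 3 above can be checked automatically when a password is chosen. The following Python code is an added example, not part of the original article; the function names are hypothetical, and the weak-password set holds only the fifteen passwords listed above, where a real check would load a far larger list.

```python
import re

# The fifteen passwords listed in the article, lower-cased.
KNOWN_WEAK = {
    "123456", "password", "qwerty", "iloveyou", "princess", "welcome",
    "abc123", "dragon", "football", "777777",
    "ncc1701", "abbaabba", "qazwsx", "221bbakerstreet", "ou812",
}
MIN_LENGTH = 8  # rule 1


def personal_tokens(full_name="", email="", extra=()):
    """Lower-case tokens (3+ chars) from the user's name, the part of the
    e-mail address before '@', and extras such as a car plate or team name."""
    local_part = email.split("@")[0]
    raw = " ".join([full_name, local_part, *extra]).lower()
    return {t for t in re.split(r"[^a-z0-9]+", raw) if len(t) >= 3}


def check_password(password, full_name="", email="", extra=()):
    """Return the list of problems found under rules 1-3 (empty if none)."""
    problems, lowered = [], password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 8 characters")
    classes = {  # rule 2: all four character types must be present
        "upper case": any(c.isupper() for c in password),
        "lower case": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(not c.isalnum() for c in password),
    }
    missing = [name for name, present in classes.items() if not present]
    if missing:
        problems.append("missing: " + ", ".join(missing))
    # Rule 3: substring match, so "Welcome1!" is caught as well as "Welcome".
    weak = sorted(w for w in KNOWN_WEAK if w in lowered)
    if weak:
        problems.append("contains a commonly used password: " + ", ".join(weak))
    hits = sorted(t for t in personal_tokens(full_name, email, extra) if t in lowered)
    if hits:
        problems.append("contains personal detail: " + ", ".join(hits))
    return problems
```

Appending a digit and a symbol to a listed password satisfies rules 1 and 2 but is still reported under rule 3, which is why the list is matched as a substring rather than as a whole word.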
There have been occasions when I have sat down at other people's desks and observed post-it notes with usernames and passwords written on them pasted next to the screen or else left in a drawer. Frauds can often get started when a fraudster easily accesses passwords via simply combing a colleague's or supervisor's desk.
Lastly, if you are issued a password when an account is first created, be certain to change the given password immediately to one of your own making. I once worked on a fraud matter and discovered that a number of employees had failed to change their password after being given access by the IT department. The password? Welcome.