12 Cyber Threats of Christmas – Password Hygiene

In our 12 Threats of Christmas feature, we want to look at cyber threats and issues that can impact organisations.

Some may be known to you, whilst others may seem a little more out of the box.

On the fourth day of Christmas, our cyber threat is:

Password Hygiene

It was revealed this week that 44 million Microsoft accounts use passwords that have already been hacked or stolen by cyber criminals.

On top of that, some people’s passwords are far too easy for criminals to guess. The National Cyber Security Centre revealed in their UK Cyber Survey that over 23 million people are still using ‘123456’ as their main password.

Incredibly, 7.7 million additional password users have opted for ‘123456789’ as their main password defence. The analysis of the 100,000 most commonly re-occurring passwords highlights the increased vulnerabilities to a law firm’s security if an ordinary password is used.

In the UK alone, Premier League teams like Liverpool, Chelsea, Arsenal, Manchester United and Everton are used as the main barrier of password protection by around 800,000 users.

Whilst this is dangerous for a personal account, the cyber report highlights that less than half of respondents use a strong, separate password for their accounts; potentially placing an organisation’s security at risk.

The NCSC emphasised that millions of commonly used passwords are pwned (sold) on the dark web and harvested by cyber criminals. These harvested lists are then used by cyber criminals to breach the perimeters of a user’s account or used to move within a network of less defended systems.

Luis Corrons, security specialist at Avast, commented:

“Cyber criminals collect personal data, like login credentials, from various sources including data breaches, and sell it on the darknet for other cyber criminals to abuse. Creating strong and unique passwords for each online account is nearly impossible, which is why people create weak passwords that are easy to remember or re-use passwords for multiple accounts. Cyber criminals take advantage of this behaviour by trying to infiltrate accounts through brute force, attempting to use personal information to guess other passwords, or purchasing leaked credentials on the darknet to log into further accounts.”

When it comes to passwords, what steps can I take to keep my business secure?

Here are some steps you can take to ensure passwords aren’t the weak link in your organisation’s cyber security:

  • Change your passwords regularly
  • Passwords should be a mixture of:
    • Letters, both upper and lower case
    • Numbers
    • Special characters (such as &8$)
  • Don’t re-use passwords
  • Don’t use the same password for multiple websites
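
The checklist above can be turned into an automated audit. The following is an added example, not part of the original article: it flags passwords that are on a deny-list or are a simple variant of a listed word, that lack one of the character classes, or that are shared between sites. The function names, the small deny-list (built only from the passwords and team names mentioned above) and the sample accounts are constructed for illustration.

```python
import string
from collections import defaultdict

# Constructed deny-list: only the passwords and team names the article mentions.
# A real audit would load a full list of breached passwords instead.
COMMON = {"123456", "123456789", "liverpool", "chelsea", "arsenal",
          "manchesterunited", "everton"}

def is_common(pw):
    """True if pw, or pw minus leading/trailing digits and symbols, is listed."""
    flat = "".join(pw.lower().split())
    core = flat.strip(string.digits + string.punctuation)
    return flat in COMMON or core in COMMON

def composition_gaps(pw):
    """Return the character classes from the checklist that pw lacks."""
    checks = {
        "upper case letter": any(c.isupper() for c in pw),
        "lower case letter": any(c.islower() for c in pw),
        "number": any(c.isdigit() for c in pw),
        "special character": any(c in string.punctuation for c in pw),
    }
    return [name for name, ok in checks.items() if not ok]

def audit(accounts):
    """accounts maps site -> password; returns {site: [findings]} for failures."""
    sites_by_pw = defaultdict(list)
    for site, pw in accounts.items():
        sites_by_pw[pw].append(site)
    report = {}
    for site, pw in accounts.items():
        findings = []
        if is_common(pw):
            findings.append("commonly used password or variant")
        findings += ["missing " + gap for gap in composition_gaps(pw)]
        others = sorted(s for s in sites_by_pw[pw] if s != site)
        if others:
            findings.append("re-used on " + ", ".join(others))
        if findings:
            report[site] = findings
    return report

# Constructed sample accounts; the passwords are never printed, only findings.
SAMPLE = {"mail": "123456", "bank": "Liverpool1!",
          "shop": "Liverpool1!", "vpn": "t7#Qm!vR2x&Lp"}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE).items():
        print(site + ": " + "; ".join(findings))
```

In the sample, ‘Liverpool1!’ contains every required character class yet is still flagged, because a team name with a digit and a symbol appended is only a small variation on a commonly used password.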

Take a look at our Password Video for more information.

Missed Day 3 which focused on Ransomware? Fear not, you can read it here.
