Recycling is good – but not with passwords!
Tuesday, April 30th, 2019
Earlier this month, the UK’s National Cyber Security Centre (NCSC) published a list of at-risk passwords, alongside its first ‘UK Cyber Survey‘.
The list comprises the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches. The results show a huge number of regularly used passwords, and words included within passwords, that have caused vulnerability.
Alarmingly, the list of compromised passwords was put together from global breaches that are already in the public domain, having been sold or shared by hackers.
Perhaps not surprisingly, easily the most hacked password – with more than 23 million breaches – was 123456. The third-highest (3.8m) was QWERTY and the fourth (3.6m) was ‘Password’. The table below highlights how use of your favourite football team, pop act or superhero can render you vulnerable.
The full list of 100,000 most hacked passwords can be found here. By using the ‘Find’ option on your browser you can check to see if your password is already on the list. (Examples: ‘Liverpool’ appears in 28 variants – liverpool1, liverpool, liverpool8, liverpoolfc etc – ‘Arsenal’ in 27 variants, and ‘Beyonce’ in 5 variants.)
If it is, then you should change that password immediately.
Just as importantly – maybe more so – you should guard against reusing passwords across multiple accounts. We are asked to set up usernames and passwords for so many purposes these days, and there is a natural human propensity to reuse passwords. Often we have no choice of username, which may be our e-mail address, which puts greater importance on a secure password.
Some sites and platforms will be more secure than others. A data breach at one organisation (and we constantly hear of them even at organisations we might expect to be secure) opens a realm of possibilities to hackers. By using automated software, they can try the same username and password combinations across a multitude of accounts, networks and sites. As noted above, lists obtained from breaches may be shared or sold among hackers.
The NCSC Cyber Survey demonstrated the concerns across the UK’s population about cyber security. For example:
- 42% of those surveyed expect to lose money to online fraud;
- 70% believe they will likely be a victim of at least one specific type of cyber crime over the
next two years; - Just over one in three (37%) agree that losing money or personal details over the internet is
unavoidable these days.
Carrying out the full list of online protection recommendations can seem daunting, but everyone can make a start by managing their passwords securely. Thames Valley Police advises: “use a strong password or passphrase, which is at least 12 characters long and contains a mixture of letters, numbers and symbols.” Dr Ian Levy, NCSC Technical Director, suggests: “Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”
And please try to avoid reusing passwords!
Liverpool may be back in top of the Premier League, but our table of breached passwords linked to teams isn’t one @LFC fans will want to be leading…https://t.co/EGpLAO5gVk pic.twitter.com/lApZgjVdmk
— NCSC UK (@NCSC) April 21, 2019
Other Recent Posts
Forum Meeting April 5th 2023 – report, minutes, video
Tuesday, April 18th, 2023
Report, minutes and video recordinig of Forum meeting April 5th 2023. Focus choices made for Neighbourhood Policing teams: Burglary – Speeding – Drugs Read More...
Green Shoots for Policing in our Neighbourhoods?
Tuesday, April 18th, 2023
Recent proposals by UK Government, Thames Valley Police and Thames Valley Police & Crime Commissioner (PCC) all make promises of increased resources for Neighbourhood Policing and greater focus on neighbourhood crime. Read More...
TVP Consultation on Local Policing Proposals
Tuesday, April 11th, 2023
Proposals have been made for a major review of local policing within Thames Valley. Active participation will make the point that we care about local policing, and retaining and rebuilding a local presence. Please express your views. Read More...
Open Letter from New Chief Constable Jason Hogg
Wednesday, April 5th, 2023
Open letter and video sharing the priorities of new Chief Constable Jason Hogg; “supporting victims, fighting crime, and building trust and confidence amongst our communities.” Read More...
Neighbourhood Watch Free Crime Prevention Webinars
Monday, February 13th, 2023
Neighbourhood Watch is running a series of free Crime Prevention webinars throughout February. Places available on Psychology of Scams and Preventing Burglary with WIDEN. Read More...
New PCC Whatsapp Broadcast Group
Wednesday, February 8th, 2023
Residents wishing to be kept up to date about local crime issues can sign up to the newly launched Police and Crime Commissioner WhatsApp broadcast group. Read More...