Monday May 20, 2019

Passwords on Sensitive Accounts Are Still Easy To Guess

The most common name to be used in passwords was "Ashley", followed by "Michael", "Daniel", "Jessica" and "Charlie".


Millions of people are using easy-to-guess passwords on sensitive accounts, with “123456” being the most widely-used on breached accounts, suggests a security study.

The study by the UK’s National Cyber Security Centre (NCSC) helped to uncover the gaps in cyber-knowledge that could leave people in danger of being exploited, the BBC reported on Sunday.

For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used.


Top of the list was “123456”, appearing in more than 23 million passwords. The second-most popular string, “123456789”, was not much harder to crack, while others in the top five included “qwerty”, “password” and “1111111”.

The most common name to be used in passwords was “Ashley”, followed by “Michael”, “Daniel”, “Jessica” and “Charlie”.

When it comes to Premier League football teams in passwords, “Liverpool” came first and “Chelsea” second. “Blink-182” topped the charts of music acts.


People who use well-known words or names for a password put themselves at risk of being hacked, said Ian Levy, technical director of the NCSC.

“Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” he said.


Security expert Troy Hunt, who maintains a database of hacked account data, said picking a good password was the “single biggest control” people had over their online security.

“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them.” (IANS)


Beware! Hackers Are Watching Your Every Move As You Shop Online

Be wary of clicking on emails from unknown sources or deals that look too good to be true.


With more and more Indians going online and generating data of a never-before-seen kind, hackers have turned their focus on a country with over 450 million smartphone users and more than 550 million Internet users.

The country has 366 million Internet subscribers in urban locations and 194 million in rural areas, says the latest report by Telecom Regulatory Authority of India (TRAI).

According to Sophos Senior Security Advisor John Shier, organisations are struggling with phishing and other user-focused attacks in India.


“Most people don’t believe that computer-based training (CBT) is effective and are looking for ways to improve their defenses against users being tricked into inviting malicious attackers into their network,” Shier said in a statement.

A KPMG report in April revealed that nearly 86 per cent of the consumers in India are concerned about eavesdropping of their conversations or theft or misuse of their messages through their devices.

“The proliferation of connected and IoT devices will have a cross-sector impact on areas around data security and privacy. In response to this, regulators will need to establish mandatory data security requirements,” said Atul Gupta, Leader-IT Advisory and Cyber Security Leader, KPMG in India.

Around 87 per cent of the consumers are concerned that retailers will misuse or improperly distribute their information.

According to Gauri Bajaj, Director, Cybersecurity (APAC), Tata Communications, the adoption of cyber security remains a key challenge.

“The recent spate of cyber attacks only highlights the security risk that takes place both within and without the organisation. It is imperative that employees are sensitised to the risk of security breaches and trained to respond in such a scenario,” Bajaj said.

Not just phones, wearable devices like smartwatches are the next frontier for cyber security.

“The future of wearable tech in the world of AI and predictive technology will be highly individualized, data driven and analytics intensive. One of the bigger applications of this will continue to be in the healthcare and fitness sector.

“However, what is key to make this happen is also building a holistic ecosystem that tracks, guides and designs individualized plans for each individual, at a low cost,” said Vishal Gondal, CEO and founder GOQii.

It isn’t enough to have an IT security team; having a strong culture around security is the next step in maturity for security awareness programmes, say experts.


“Use a unique, complex password for banking and other financial online accounts. For others, use a password manager to keep them organised and readily available. Use Two-Factor Authentication (2FA) when available to provide an extra layer of security on accounts,” Shier said.

Be wary of clicking on emails from unknown sources or deals that look too good to be true.


Cyber criminals use look-alike spam to lure in victims with links to bogus websites. Businesses should train employees on how to “spot a phish”.

“Use a layered business security strategy to provide protection at multiple levels to avoid attacks from different angles. Be wary of IoT devices on any network. Change factory default passwords immediately out of the box,” the Sophos executive added. (IANS)