Learning To Be Tough On Weak Passwords
East Ayrshire Council has blocked weak passwords after an annual audit revealed their 6,000 employees were leaving the organisation open to cyber threat. It was 2017...
Read Full ArticleThe most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as their password.
Brits have been urged to apply steps to stay safe online after results of the UK Cyber Survey exposed exploitable gaps in their personal security knowledge and businesses have been warned to say no to weak passwords being used by employees. the UK National Cyber Security Centre (NCSC) is urging the use of three random words rather than a single word such as a name or a football team.
Amongst the results – which have been published in full on www.ncsc.gov.uk - were that:
Only 15% of individuals say they know a great deal about how to protect themselves from harmful activity.
The most regular concern is money being stolen – with 42% feeling it likely to happen by 2021.
89% use the internet to make online purchases – with 39% on a weekly basis. Much of this is done from a work or BYOD computer or phone.
One in three rely on friends and family for help on cyber security rather than their employer.
Young people more likely to be privacy conscious and careful of what details they share online.
61% of internet users check social media daily.
70% always use PINs and passwords for smart phones and tablets.
Less than half do not always use a strong, separate password for their main email account.
The NCSC has also published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches.
The results show a huge number of regularly used passwords breached to access sensitive information.
The most used were Premier League football teams; musicians; fictional characters; and names - ashley was used 432,276 times. liverpool (280,723); blink182 (285,706); superman (333,139); michael (425,291); chelsea (216,677; 50cent (191,153); qwerty (3.8m); manutd (59,440); batman (203,116).
Dr Ian Levy, NCSC Technical Director, said: “The NCSC has published lots of easily applicable advice to make individuals and businesses much less vulnerable.
“Password re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Tell employees to be creative and use words memorable to them, so people can’t guess your password.”
Margot James, DMCS’ Digital and Creative Industries Minister, said: "Cyber security is a serious issue but there are some simple actions everyone can take to better protect against hackers. We shouldn't make their lives easy so choosing a strong and separate password for email accounts is a great practical step."
David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: "Given the growing global threat from cyber attacks, these findings underline the importance of using strong passwords at home and at work."
Background
The compromised passwords were obtained from global breaches that are already in the public domain having been sold or shared by hackers.
The list was created after breached usernames and passwords were collected and published on Have I Been Pwned by international web security expert Troy Hunt. The website allows people to check if they have an account that has been compromised in a data breach.
Troy Hunt said: “Making good password choices is the single biggest control consumers have over their own personal security posture.
“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them. Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people and businesses create a more secure online presence.”
Picture: 23.2 million victims worldwide were caught out by using 123456 as their password.
Article written by Brian Shillibeer | Published 28 June 2019
East Ayrshire Council has blocked weak passwords after an annual audit revealed their 6,000 employees were leaving the organisation open to cyber threat. It was 2017...
Read Full ArticleOver half of the respondents to a survey have said they believe an attack on critical national infrastructure is imminent. Most respondents also think the convergence...
Read Full ArticleYounger employees have been identified as the main culprits for security breaches in the workplace in a study by Centrify of UK senior decision makers and...
Read Full ArticleDoes your Bring Your Own Device (BYOD) stance have the potential to create risks relating to data protection or breaches, as a result of staff using a single smartphone...
Read Full ArticleThere are over two million drivers who will have to revalidate their driving licence data consent, writes Malcolm Maycock, Chair of the ADLV. Whilst this is a mammoth...
Read Full ArticleStraight from the horse's mouth, Steve Wood, Deputy Information Commissioner, writes for ThisWeekinFM on the topic of 'consent', how to get it and what to do...
Read Full ArticleA DNS Threat Report has revealed the cost per attack has increased by 57% to $715,000 for organisations globally. EfficientIP, a specialist in DNS security to ensure...
Read Full ArticleAndrew Carwardine offers 7 Steps to Change & Put Process Back On The Agenda. Thanks to GDPR, processes are back on the agenda but why the wait? Shouldn't we...
Read Full ArticleYou could hardly make it up but the Crown Prosecutions Service has been fined after losing victim interview videos - PLUS a variety of convictions including a...
Read Full ArticleMost companies are not confident of being fully compliant ahead of the GDPR deadline with the biggest fear being the loss of data on laptops and other mobile...
Read Full Article