If you haven't given your online passwords a spring clean in a while then now is a good time to get things in check. October is officially National Cybersecurity Awareness Month and - although that might not sound like a whole lot of fun - it does offer a timely reminder about how easy it is to fall into terrible and dangerous habits.
Despite us all knowing that using "password" is a really bad idea, the latest research from cybersecurity experts Redcentric has uncovered some very worrying data about how many of us aren't protecting our accounts properly.
In fact, the study of 2,000 Brits found that 20% have just one to two passwords for all of their online logins. That means if a hacker gets hold of one of those passwords they can gain access to multiple accounts with relative ease.
Many of us are also not changing our passwords, and those who do aren't changing them often enough. The study also discovered that 77% of us don’t use a password manager and an alarming 23% save their passwords in the browser.
“The fact that so many people reuse the same password on multiple accounts/services is a real worry,” explained Tom Holloway, head of cybersecurity at Redcentric.
“The concern is that if their credentials for one site are compromised, those credentials could be used to access a wide range of password-protected services with relative ease.
“I would urge people to review all of their passwords and consider how guessable they really are. Updating them and installing a password manager takes just a few minutes, but could save you huge amounts of money, stress and time in the long run.”
Ethical hacker at the NEBRC, Joe Cockcroft - who is trained in how cyber crooks work - also weighed in with useful advice.
"Using identifiable information, such as a favourite football team, names of family members, or the city you live in, can make passwords easier to determine. While this information may be easy to remember, it could also be easy for threat actors to figure out after a short time exploring your social media profiles,"
MOST USED PASSWORDS
1 - password - cracked in under 1 second
2 - 123456 - cracked in under 1 second
3 - 123456789 - cracked in under 1 second
4 - guest - cracked in 10 seconds
5 - qwerty - cracked in under 1 second
If you are worried about your passwords here's some advice from Joe Cockcroft about how to be safe.
Top password tips
Use complex passwords: Make sure passwords are suitably complex and cannot be guessed. The length of a password also plays a huge role in how easy it is to compromise. A short password with a mixture of numbers, symbols, and letters will be easier to compromise than a long password with only letters and spaces.
Don’t re-use passwords for multiple accounts: Using the same password in multiple places risks the security of multiple accounts and should be avoided. This includes passwords that are largely similar, such as those where a number or symbol has been added to the end. Some users will utilise a pattern that allows them to easily create and remember different passwords for each site; however, be aware that threat actors may be able to decipher this pattern after observing one or more compromised passwords.
Use multi-factor authentication: Multi-factor authentication (MFA) requires an additional factor to gain access to an account in addition to the usual username and password combination. This usually takes the form of a code which is delivered to a mobile device via app or text message.
Regularly check to see if your accounts are compromised: It’s important to stay aware of any data breaches that your accounts may be involved in. This will not only indicate that you need to change your password, but also highlight what other information may now be easily accessible by threat actors. Have I Been Pwned is a free tool that helps you to identify any data breaches you may have been involved in by entering your email address or phone number.
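To make the re-use tip concrete, here is a small self-audit script that groups accounts whose passwords differ only by an added number, symbol or site name. It is an added example, not part of the original article or of the advice quoted in it; the function names and the sample vault are constructed for illustration, and it assumes the vault keys are the service names.

```python
import re
from collections import defaultdict

# Digits, symbols and spaces at either end of a password: the
# "number or symbol added to the end" habit described in the tip.
_EDGE_DECORATION = re.compile(r"^[\d\W_]+|[\d\W_]+$")


def stem(site: str, password: str) -> str:
    """Reduce a password to the part that survives trivial per-site edits."""
    reduced = password.lower()
    if len(site) >= 3:
        # Per-site patterns usually embed the service name; remove it.
        reduced = reduced.replace(site.lower(), "")
    reduced = _EDGE_DECORATION.sub("", reduced)
    # If nothing is left (e.g. "123456"), compare on the whole password.
    return reduced or password.lower()


def find_reuse(vault: dict[str, str]) -> list[list[str]]:
    """Return groups of sites whose passwords share the same stem."""
    by_stem = defaultdict(list)
    for site, password in vault.items():
        by_stem[stem(site, password)].append(site)
    return sorted(sorted(sites) for sites in by_stem.values() if len(sites) > 1)


# Constructed sample data, not real credentials.
SAMPLE_VAULT = {
    "amazon": "Bluebird!amazon7",
    "netflix": "Bluebird!netflix7",
    "bank": "Bluebird2024",
    "forum": "bluebird",
    "email": "correct horse battery staple",
}

if __name__ == "__main__":
    for group in find_reuse(SAMPLE_VAULT):
        print("Effectively the same password on:", ", ".join(group))
```

Every account in a reported group should be treated as sharing one password: if any of them appears in a breach, change them all.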