The Problem with Weak Passwords

Password protection

Although easy to remember, weak passwords are also easy to discover, being one of the most common targets of cybercriminals.

Most passwords are easy to figure out when hackers apply brute-force attacks and use databases or password dictionaries, into which attackers feed information about their future victims.

There are a lot of dictionaries dealing with different languages, cultures, industries or hobbies. Hackers can easily find personal information about users. Information such as date of birth, name of spouse, names of children or pets, and favourite sports team can be found online if you are not careful about what you share.

In other words, it’s hard to escape once a hacker is on your trail. Therefore, preventive practices should be considered. A strong, unique password represents a preventive practice and a strong defence against hacking.


How are Passwords Discovered?

Attackers and hackers use a variety of approaches and techniques to reveal passwords by exploiting a range of social and technical vulnerabilities, such as:

  • tricking someone into revealing their password via social engineering (including phishing and coercion)
  • using the passwords leaked from data breaches to attack other systems where users have used the same password
  • password spraying (using a small number of commonly used passwords in an attempt to access a large number of accounts)
  • brute-force attacks (the automated guessing of large numbers of passwords until the correct one is found)
  • theft of a password hash file, where the hash can be broken to recover the original passwords
  • ‘shoulder surfing’ (observing someone typing in their password)
  • finding passwords which have been stored insecurely, such as sticky notes kept close to a device or documents stored on devices
  • manual password guessing (perhaps using personal information ‘cribs’ such as name, date of birth, or pet names)
  • intercepting a password (or password hash) as it is transmitted over a network
  • installing a keylogger to intercept passwords when they are entered into a device

These techniques are widely available and documented on the internet, and many use automated tools requiring only moderate technical skills. (Taken from the National Cyber Security Centre)

Below, you will see the Top 25 most common passwords by year. As you can easily notice, these passwords are quite simple for even a mediocre hacker to break.

Top 25 most common passwords by year

Create a Password that doesn’t break easily.

An intelligent way to keep your digital accounts protected is to use a password generator or to establish a password that is at least 12 characters long and does not resemble any personal information (your real name, company name, favourite team, pet’s name, etc.), but that does include different types of characters: numbers, symbols, uppercase and lowercase letters, and spaces.
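The criteria above can be checked automatically. The following Python sketch is an added example, not part of the original article: it tests a password against the length, character-type and personal-information rules, and generates one that passes. The function names, the look-alike substitution table and the sample personal details are assumptions made for illustration.

```python
import secrets
import string

# Character types the article asks for (space is counted with the symbols).
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation + " ",
}
# Assumed table of look-alike substitutions, undone before comparing.
LEET = str.maketrans("0134578@$!", "oieastbasi")
MIN_LENGTH = 12


def normalise(text):
    """Lowercase, undo look-alike substitutions, keep letters and digits only."""
    return "".join(c for c in text.lower().translate(LEET) if c.isalnum())


def check_password(password, personal_info):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    flat = normalise(password)
    for item in personal_info:
        token = normalise(item)
        if len(token) >= 3 and token in flat:  # skip very short tokens
            problems.append(f"contains personal information: {item}")
    return problems


def generate_password(length=16, personal_info=()):
    """Draw random passwords from the OS CSPRNG until one passes the check."""
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate, personal_info):
            return candidate


if __name__ == "__main__":
    cribs = ["Rex", "Liverpool", "1985"]  # constructed sample personal details
    print(check_password("L1verp00l!2024", cribs))
    print(generate_password(16, cribs))
```

A password such as `L1verp00l!2024` meets the length and character-type rules yet is still rejected, because undoing the substitutions reveals the team name.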

If you want to know more about using IT Security to keep your business safe, don’t hesitate to get in touch with us.
