When you hear the words “sunshine” and “princess”, do you feel like smiling? Are you enveloped in an optimistic glow? In this case, you’re best not to be. How about the name “Donald”? Do you think Duck or Trump?
Whatever reaction they evoke, these words and names have something in common. They are new entrants into the list of most used passwords of 2018. And whilst they are pretty poor passwords, they are by no means the worst of the bunch.
For the fifth year in a row, the top two places have been held by the utterly braindead “123456” and “password”. May I be blunt here and suggest that if you have either of these as your password you fully deserve to be hacked. You deserve to have numerous shiny things purchased through Amazon Prime and shipped to someone else’s front door. You deserve to have your bank account emptied. You really should explain to us normal folk how you can operate on a daily basis without constantly falling over.
The fantastic news that has affected this year’s list is that many websites now insist on a nine-character password as a minimum. Awesome news, eh? Well, like everything that involves humans, the plan is only as strong as its most idle idiot. It may have made a number of users more secure, but the fact that “12345678” slipped to fourth place on the list, replaced in third by “123456789”, suggests it has not quite had the desired effect. Incidentally, password-cracking software will find the eight-digit password in less than one second, and the nine-digit one also in less than a second. A strength checker will tell you that “12345678a” takes around 10 hours instead, but that figure assumes a brute-force search through every possible string; a cracker’s wordlist plus the standard rule of appending one character finds it just as instantly.
Next up are the massively unimaginative and surely out-of-date “12345”, “111111” and “1234567”. More suited to unlocking an iPhone, these short, easy passwords are still hanging around like a bad smell. On the subject of iPhone unlocking, don’t be like Kanye West, who on a recent visit to The White House was seen unlocking his phone with “000000”. Just spectacular levels of daft.
Time to think differently
How can we stop ourselves falling into the morass of foolish people and foolish passwords? For a start, think in terms of passphrases rather than passwords. Instead of the aforementioned awful passwords, or the standard mix of a child’s name and year of birth, consider a line from a song you like. Not your favourite, and not the chorus, but something a bit obscure.
A fan of the Beatles? The titular “heyjude” is a rubbish password (a checker gives it two seconds, and it will be on any cracking wordlist anyway), but using “Pretty LittlePolicem3n”, from the lyrics of ‘I Am The Walrus’, creates a belter. Not only do you have a lengthy passphrase you can remember, but a number, capitals and the spacebar as an oft-underused special character. Against a brute-force search, this password would get hacked around the same time the sun collapses in on itself and kills us all in a big ball of fire. One caveat: crackers do load published lyrics into their wordlists, and swapping a 3 for an e is one of their standard rules, so the obscurity of the line is doing real work here. Pick a line that is not famous on its own and add a twist of your own.
How about a line from a film? A joke from a sitcom? The name of a family from a soap opera? The back four from the 1986 cup winning team? The first three items you see when you get to the office? Any of these are infinitely preferable to “123456789” and will make it so much less likely that you’ll find yourself getting hacked by a nefarious type.
I’m presently writing this blog in a shisha bar in Glasgow, so to use the three-items rule I could use “ShishaSofaMenu”, safe in the knowledge that it would take 12 million years to hack my password. Check your password at www.random-ize.com and get yourself safe.
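As an added example (not from the original post, and not the random-ize.com checker’s own code), the Python script below puts the two kinds of estimate side by side for the passwords named above: the brute-force figure that online crack-time checkers report, and a wordlist-plus-rules attack of the kind crackers actually run. The guess rate, the wordlist (only the entries this post names) and the rule set are constructed assumptions; a real attacker has far more of both. It also runs offline, so you are not typing a real password into someone else’s website.

```python
import string

# Assumed guess rate: roughly one modern GPU against a fast, unsalted hash such as
# NTLM or MD5. Against bcrypt or Argon2 the rate is thousands of times lower and every
# time below grows accordingly.
GUESSES_PER_SECOND = 10_000_000_000

# Constructed wordlist: only the entries this post names. A real cracker's list holds
# hundreds of millions of leaked passwords, so this understates the risk considerably.
COMMON_PASSWORDS = [
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "princess", "donald", "heyjude",
]

LEET = str.maketrans("aeios", "43105")   # the "3 for e" style substitution


def charset_size(password):
    """Alphabet a pure brute-force search would have to cover for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c == " " or c in string.punctuation for c in password):
        size += 33
    return size


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to exhaust the keyspace: the number 'how long to crack' sites report."""
    return charset_size(password) ** len(password) / rate


def candidates(wordlist):
    """Guesses in the order a rule-based cracker tries them: bare words, then cheap mutations."""
    for w in wordlist:
        yield w
    for w in wordlist:
        yield w.capitalize()
        yield w.upper()
        yield w.translate(LEET)
        yield w.capitalize().translate(LEET)
    for w in wordlist:                                  # append one character
        for base in (w, w.capitalize()):
            for suffix in string.digits + string.ascii_lowercase + "!":
                yield base + suffix
    for w in wordlist:                                  # append a year
        for base in (w, w.capitalize()):
            for year in range(1950, 2019):
                yield base + str(year)


def guess_number(password, wordlist=COMMON_PASSWORDS):
    """1-based position at which the wordlist attack hits, or None if it never does."""
    for n, guess in enumerate(candidates(wordlist), start=1):
        if guess == password:
            return n
    return None


def human_time(seconds):
    """Render seconds as the largest convenient unit."""
    for unit, size in (("years", 365 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.3f} seconds"


def report(password):
    """Both views of one password: the brute-force estimate and where a wordlist attack hits."""
    hit = guess_number(password)
    return {
        "password": password,
        "brute_force": human_time(brute_force_seconds(password)),
        "wordlist": f"guess #{hit}" if hit else "not reached by this list and rules",
    }


if __name__ == "__main__":
    for pw in ["123456", "12345678", "12345678a", "Sunshine1", "Donald2016",
               "heyjude", "Pretty LittlePolicem3n", "ShishaSofaMenu"]:
        r = report(pw)
        print(f"{r['password']:<24} brute force: {r['brute_force']:<24} wordlist: {r['wordlist']}")
```

The brute-force column grows exponentially with length, which is why “Pretty LittlePolicem3n” scores in the billions of years, while the wordlist column is flat: “12345678a”, “Sunshine1” and “Donald2016” all fall within the first couple of thousand guesses, however many hours a checker promised. Only the passphrases that are genuinely not a common word plus a cheap twist escape both columns.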
What else can you personally do to protect yourself? Don’t go for a password so intricate that you end up writing it on a Post-it and sticking it under your keyboard. Yes you will. I know you. Not everyone who wants to cause you or your business harm is working away in a Ukrainian basement, so you need to protect yourself in the office too.
Should you regularly change your passwords? Forcing people to change their passwords every few months used to be standard policy, but it has become counterproductive: people respond with predictable tweaks such as bumping a number on the end. The present steer from the National Cyber Security Centre, part of GCHQ, is to change your password only if you suspect it has been compromised; otherwise, stay the course.
You should use a password manager if possible. Password Boss, Dashlane and LastPass are three examples of strong applications that are easy to use and mean you need only remember one password for all your needs. Make that one master password a long passphrase of the kind above, and turn on two-factor authentication for the manager itself. You can never be 100% secure, but using a manager will take you a hell of a long way towards it.
So you’re covered from a personal point of view. Now we can look at enhancements from your business IT support provider. They should firstly insist on a robust policy concerning length and complexity of passwords: say, a minimum of 10 characters, using at least two of lower-case letters, capitals, numbers and special characters. They should also have a lockout policy in place so that if a password is wrongly entered three times, the user is locked out for ten minutes. Doesn’t sound like much, but it massively deters brute-force attackers, who are notoriously lazy and will move on to a less secure victim: three guesses every ten minutes is a few hundred guesses a day per account, whereas the same attacker with a stolen copy of your password database can try billions per second offline. Lockout only slows the first kind of attack, which is why password length still matters, and an attacker can still try one common password against every account in turn, so the logs need watching for that pattern too.
They should also have a strong antivirus application running on all devices, along with email filtering and web filtering software. Finally, if the worst happens, a robust backup, preferably to the Cloud, means you can wipe clean and restore your system quickly. Whatever the medium, the backup copy needs to be kept separate from the live network (ransomware will happily encrypt a backup drive it can reach), and the restore needs to be tested before you actually need it. Still using tape backups? Hang your head. Still using USB drive backups? Still hang your head, but not as much.
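The two controls just described, as an added example in Python (not from the post, and not any particular product’s implementation): a policy check for the 10-character, two-class rule, and a lockout guard that refuses further attempts for ten minutes once three have failed. The demo user store, the timestamps and the helper names are assumptions made for the example; a real system stores salted, slow hashes rather than the password itself. simulate_lockout() runs an attacker through the guard and online_guesses_per_day() works out how many guesses the lockout leaves them.

```python
import hmac
from datetime import datetime, timedelta

MIN_LENGTH = 10               # the post's suggested minimum length
MIN_CLASSES = 2               # at least two of: lower, upper, digit, special
MAX_FAILURES = 3              # wrong attempts before lockout
LOCKOUT = timedelta(minutes=10)

# Constructed demo user store. A real system keeps a salted slow hash (bcrypt, Argon2),
# never the password itself; plaintext is used here only to keep the example short.
USERS = {"alice": "Pretty LittlePolicem3n"}


def character_classes(password):
    """Which of the four character classes a password draws on (space counts as special)."""
    classes = set()
    for c in password:
        if c.islower():
            classes.add("lower")
        elif c.isupper():
            classes.add("upper")
        elif c.isdigit():
            classes.add("digit")
        else:
            classes.add("special")
    return classes


def meets_policy(password):
    """The post's suggested rule: 10+ characters drawn from at least two classes."""
    return len(password) >= MIN_LENGTH and len(character_classes(password)) >= MIN_CLASSES


def verify(user, password):
    """Constant-time comparison against the demo store; unknown users compare against ''."""
    stored = USERS.get(user, "")
    return user in USERS and hmac.compare_digest(stored.encode(), password.encode())


class LockoutGuard:
    """Counts failed logins per user and refuses attempts for LOCKOUT after MAX_FAILURES."""

    def __init__(self, verify_fn=verify):
        self.verify_fn = verify_fn
        self.failures = {}       # user -> consecutive failures since last success or lockout
        self.locked_until = {}   # user -> time the current lockout expires

    def attempt(self, user, password, now):
        """Return 'locked', 'success' or 'failure'. The lockout check comes first, so a
        locked-out attacker learns nothing even if the guess happens to be right."""
        until = self.locked_until.get(user)
        if until is not None and now < until:
            return "locked"
        if self.verify_fn(user, password):
            self.failures.pop(user, None)
            self.locked_until.pop(user, None)
            return "success"
        count = self.failures.get(user, 0) + 1
        if count >= MAX_FAILURES:
            self.failures[user] = 0
            self.locked_until[user] = now + LOCKOUT
            return "locked"
        self.failures[user] = count
        return "failure"


def online_guesses_per_day():
    """Upper bound on guesses per account per day that this lockout policy allows."""
    return MAX_FAILURES * (86400 / LOCKOUT.total_seconds())


def simulate_lockout():
    """Three wrong guesses, then the right password during and after the lockout window."""
    guard = LockoutGuard()
    t0 = datetime(2018, 12, 3, 9, 0, 0)           # constructed timestamps
    attempts = [
        ("123456", 0), ("password", 5), ("123456789", 10),
        ("Pretty LittlePolicem3n", 300),           # correct, but still inside the lockout
        ("Pretty LittlePolicem3n", 611),           # correct, lockout has expired
    ]
    return [guard.attempt("alice", pw, t0 + timedelta(seconds=s)) for pw, s in attempts]


if __name__ == "__main__":
    for pw in ["12345678", "1234567890", "ShishaSofaMenu", "Pretty LittlePolicem3n"]:
        print(f"{pw!r:<26} meets policy: {meets_policy(pw)}")
    print("login sequence:", simulate_lockout())
    print(f"online guesses per account per day: {online_guesses_per_day():.0f}")
```

Two design points worth copying: the guard checks the lockout before it verifies anything, so a correct guess during the lockout still comes back as “locked” and leaks nothing; and the arithmetic in online_guesses_per_day() (432 with these settings) is the number to compare against the billions-per-second offline figure when deciding how much of your security can rest on lockout alone.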
The value of protection
Are you taking this seriously yet? No? Then these statistics might make you sit up and take notice. Reports have estimated that cybercrime costs the UK economy over £6bn annually. It could be much higher; after all, not everyone wants to admit to being hacked or losing money.
When you consider that there are currently 11 billion Internet connected devices around the world – the estimated global population is 7.7 billion – you realise the level of opportunity hackers have to disrupt our lives. As more smart tech products are developed, particularly for our homes, and it becomes more ingrained in our lives, the potential risk becomes greater.
Added to that is research conducted by the National Cyber Security Alliance in 2017 which found that:
Almost 50 percent of small businesses have experienced a cyber attack.
More than 70 percent of attacks target small businesses.
As much as 60 percent of hacked small and medium-sized businesses go out of business after six months.
Sixty percent of SMEs who have been hacked go out of business in six months? That is a sobering thought. It is not just businesses that are targeted. A 2018 UK Government report revealed that two in ten charities experienced a cyber security breach in 2017, showing hackers don’t care who they target.
Consider all of the above when your IT support company says it’ll cost £100 per month to protect yourself with a cloud-based backup system. I’m Aberdonian, so £100 a month is hefty for anything, but to protect my business? It’s a pittance.
If you do feel you or your business could benefit from an online security overview, please do get in touch with the team at Converged to discover how we can help to keep you safe online.