02 Feb Password 123456
What are the most commonly used passwords in business? There’s a clue in the title of this article. Sadly, despite CEOs and executives being responsible for risk identification and management, a recent survey by NordPass revealed that the most frequently used passwords generated by those in the top echelons of business are variants on ‘password,’ ‘123456,’ and ‘qwerty.’
Business leaders who step away from those obvious codes are fairly likely to opt for names of people or animals, with ‘dragon’ and ‘monkey’ at the top of the animal-themed list. It’s no wonder that, according to a 2121 report by Verizon, 81% of data breaches are the result of weak, easy-to-crack passwords. Moreover, the UK has been identified as one of the world leaders in suffering data breaches due to poor password management.
The trouble is, where executives lead, others follow. A survey by Uswitch in tandem with World Password Day on 5th May revealed that in the UK 48% of individuals use the same password for multiple accounts, with 40% incorporating the name of a pet and 30% including the year they were born. Given that all it takes is one password to be cracked for scammers potentially to have an entry into an organisation, it is hardly surprising that World Password Day has grown in prominence in recent years.
So what can executives do to instil a greater sense of password responsibility? Apart from leading the way, the key lies in helping people to understand the importance of strong passwords as part of overall organisational security. Yes, having to remember passwords when logging in or accessing certain parts of the database can seem tedious. But when business, customer, or even staff data is at risk then the incentive is there.
The second line of approach is to encourage the use of stronger passwords. Interestingly, in recent times there has been a move away from complex sequences of random letters, symbols and numbers. Recognising that these complex passwords are more likely to be written down or included in spreadsheets, the UK’s National Cyber Security Centre now recommends that passwords consist of a series of three random words such as ‘coffeetrainfish.’ These words should not contain personal data, such as the names of family members or pets, but, because they are chosen by the user, they can be more easily remembered.
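To make the advice concrete, here is an added example (not part of the original article, and not NCSC code) that screens a candidate password for the weaknesses described above and suggests three random words. The function names, the tiny deny list and the word list are constructed for illustration.

```python
import re
import secrets

# Constructed sample data. A real deployment would use a deny list of
# breached passwords and a wordlist of several thousand entries.
COMMON = {"password", "123456", "qwerty", "dragon", "monkey"}
WORDLIST = ["coffee", "train", "fish", "lamp", "river", "candle",
            "orbit", "velvet", "walnut", "ladder", "pebble", "harbour"]
# Undo simple character swaps so "p@ssw0rd" is compared as "password".
SWAPS = str.maketrans("01345@$", "oieasas")


def screen_password(candidate, personal_terms=(), birth_year=None):
    """Return the reasons a candidate password should be rejected."""
    raw = candidate.lower()
    # Drop trailing digits/symbols: "Qwerty123!" is still a variant of "qwerty".
    core = re.sub(r"[\W\d_]+$", "", raw)
    reasons = []
    if {raw, core, core.translate(SWAPS)} & COMMON:
        reasons.append("common password or variant")
    unswapped = raw.translate(SWAPS)
    for term in personal_terms:
        if term and (term.lower() in raw or term.lower() in unswapped):
            reasons.append(f"contains personal term '{term}'")
    if birth_year is not None and str(birth_year) in raw:
        reasons.append("contains birth year")
    return reasons


def three_random_words(wordlist=WORDLIST, count=3):
    """Pick distinct words using the operating system's CSPRNG."""
    return secrets.SystemRandom().sample(wordlist, count)


if __name__ == "__main__":
    # Constructed candidates; "Rex" and 1985 stand in for a pet name and birth year.
    for pw in ["123456", "P@ssw0rd1!", "Rex1985", "coffeetrainfish"]:
        print(pw, "->", screen_password(pw, ["Rex"], 1985) or "accepted")
    print("suggestion:", "".join(three_random_words()))
```

The 12-word list here only keeps the example short; the strength of a three-word passphrase depends on drawing from a much larger list.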
If an individual has access to key information, organisations may also want to include a multi-factor authentication element. For some organisations this might involve sending a pass code to a named phone or extension, whilst for others facial or fingerprint recognition might be the way forward. In any event, whatever route is chosen, the message from World Password Day is clear: it’s time to thwart the hackers by deploying stronger passwords.