Hopefully, your company’s users know to stay away from “12345” and “password” when they choose their codes to protect company accounts. But a new password security study reveals some other poor choices.
Guessing common or default log-in credentials is a common method used in cyber attacks against both companies and individuals. But unfortunately, many users haven’t learned the lesson, as evidenced by a list of the most commonly hacked passwords published recently by password security vendor SplashData.
The company compiled lists of the passwords hacked in recent breaches at major sites including Yahoo, LinkedIn and eHarmony. The top three passwords on 2012’s list — “password,” “123456,” and “12345678” — were unchanged from the previous year.
However, the list shows that users have at least found some new password security mistakes to make this year. The list of the 25 worst passwords users chose in 2012 includes some brand-new entries, such as:
- mustang, and
Password security tips
As users’ password habits change, hackers will adjust their tactics, SplashData warns, so those passwords will likely become part of the sets cyber criminals use to guess log-in information.
IT managers can help keep their organization’s data secure despite users’ bad habits by taking these steps to enhance and enforce password security:
- Look into password management software, which can help users choose different, complex passwords for all of their accounts without having to worry about actually remembering all of them.
- Set a good example in the IT department by changing the default passwords for desktops and other systems. If users are given their computers and the password is already set as “12345,” odds are low that they’ll change it on their own.
- Enforce password security policies when you can. It may be hard for IT to make sure all users choose a secure password on their own, but in some cases it may be possible to set rules regarding what kinds of passwords they’re able to pick.
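As an added example (not from the article or from SplashData), here is a small Python policy check along the lines of the last two tips: it rejects the passwords named above and their trivial variants, so IT can enforce a rule instead of hoping users follow it. The denylist seeds, the minimum length and the substitution table are assumptions.

```python
import re
import unicodedata

# Denylist seeded with the passwords named in the article (SplashData's 2012 list)
# plus a placeholder for a vendor/default password. A real deployment would load a
# much larger breach-derived list; this small set is constructed for the example.
DENYLIST = {"password", "123456", "12345678", "12345", "mustang", "changeme"}

# Assumed minimum length; adjust to your organisation's policy.
MIN_LENGTH = 12

# Substitutions users commonly apply to slip a banned word past a filter ("P@ssw0rd").
LEET_MAP = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                          "7": "t", "@": "a", "$": "s", "!": "i"})


def normalize(password: str) -> str:
    """Reduce a candidate to its base word so trivial variants of a banned
    password (case changes, leet-speak, trailing digits or symbols) still match."""
    p = unicodedata.normalize("NFKC", password).lower()
    # Strip a trailing run of digits/punctuation first, e.g. "password1", "mustang!!".
    p = re.sub(r"[\d\W_]+$", "", p)
    # Then undo common character substitutions.
    return p.translate(LEET_MAP)


def check_password(password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password passes."""
    violations = []
    if len(password) < MIN_LENGTH:
        violations.append(f"shorter than {MIN_LENGTH} characters")
    if password.lower() in DENYLIST:
        violations.append("appears verbatim on the common-password denylist")
    elif normalize(password) in DENYLIST:
        violations.append("is a trivial variant of a denylisted password")
    if re.fullmatch(r"\d+", password):
        violations.append("consists only of digits")
    return violations


if __name__ == "__main__":
    for candidate in ["password", "P@ssw0rd2012!", "12345678", "correct horse battery staple"]:
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

Wire `check_password` into whatever sets or rotates passwords (a self-service portal, an account-provisioning script), and extend `DENYLIST` with the default credentials your own images ship with so the second tip is enforced as well.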