Password fail
Even as the decade comes to a close, cybersecurity experts say that people have yet to upgrade their understanding about passwords, and continue to use bad ones.
According to password management firm Nordpass, “123456” has been the most commonly used password in 2020!
It was used by over 2.5 million people, even though it is no secret that hackers would take less than a second to break into such an account.
In the list of “Top 200 Most Common Passwords Of The Year 2020”, “123456” was followed by “123456789”, “picture1” and even “password”. Only 78 of the passwords on this year’s list are new.
A post by the firm said: “According to research, the majority of people use simple and easy-to-remember passwords because it’s convenient. But the problem is that most memorable passwords are highly vulnerable to cracking.”
“Ashley” was the most popular name used as a password last year (26th place) but this year it dropped to the 31st position, beaten by “aaron431” (which came in 18th place). It was followed by “michael”, “daniel”, “samantha” and “charlie”.
Last year, the password “onedirection” came in at 184, but this year it didn’t make the list, Nordpass said, asking, “Does this mean the band is losing popularity as its members are pursuing solo careers, or are their fans becoming more cyber-conscious?”
When it comes to using food as a password, not surprisingly “chocolate” topped the list, along with “cookie”, “pepper”, “cheese” and “peanut”.
And “pokemon” beat “superman”, “naruto”, “batman” and “starwars” as the most popular choice for passwords based on pop culture.
Cybersecurity website Safety Detectives found similar bad passwords in its “20 Worst Passwords In The World” report based on 18 million passwords from several years’ worth of leaks, compiled from hacking forums, marketplaces and the dark web.
Its security researcher Micheal Marino said half the sample was chosen from countries usually not pooled in surveys.
“Non-English speaking countries are often under-represented in cybersecurity research, but non-English speakers are still vulnerable to cyber crime.
“It’s important to stay protected on the Internet no matter where you live or what language you speak,” it posted.
The website found that football-loving nations like Italy and Spain tended to use their teams’ names as passwords – “juventus” was the third most popular in Italy and “realmadrid” was 15th in Spain.
“In our analysis of 9.3 million users worldwide, we frequently found pop culture and historic figures used either as part of a password or an exact match,” said Marino.
Passwords based on the name of TV show Friends, movie Star Wars and Portuguese football legend Ronaldo, as well as tech companies such as Samsung, Google and Apple were also popular.
It also found another bad habit – using first names in passwords even if the names were part of the email addresses.
Cracking the code
Cybersecurity Malaysia CEO Datuk Dr Amirudin Abdul Wahab said cybercriminals mostly targeted social media accounts such as Facebook and Instagram, as well as messaging service WhatsApp.
They go after email accounts too and even multiplayer online battle arena games such as Mobile Legends, a popular title in Malaysia.
Kaspersky South-east Asia general manager Yeo Siang Tiong said cybercriminals usually follow the money trail.
“Accounts with your financial details are of high interest as well as those accounts with your personally identifiable information (PII),” he said, sharing that a strong password is the main barrier against hacks.
“Users might be using passwords that can be easily guessed within hours, which could expose them to identity theft and extortion, a risk no one should take,” he warned.
In a report, the cybersecurity firm noted that attacks to steal PII are particularly prevalent ahead of sale periods like the recent Singles’ Day (Nov 11).
“In the hype of this sale spree it is important to stay alert as scammers are always happy to take advantage of unwitting users and phish out their personal details, including financial information,” said Kaspersky security researcher Tatyana Sidorina.
The report analysed phishing attacks before the sale, between late October and early November in 2019, detecting 554,000 attacks. This was 21% higher compared with the 457,000 between September and October the same year.