Several recent studies have shown, or at least suggested, that cyber security incidents are often the result of human error, and we have been told again and again that one of the best ways to improve our cyber security is to use strong passwords. However, a study of 2016’s most common passwords found that nearly 17% of users were safeguarding their accounts with ‘123456’.
Keeper Security’s study of 10 million passwords that became public through data breaches during 2016 found that the list of most frequently used passwords had changed little over the last few years. This perhaps suggests that user education has its limits. While it is important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.
Four of the top 10 passwords, and seven of the top 15, were six characters or shorter. This is stunning given that today’s brute-force cracking software and hardware can unscramble those passwords in seconds. The presence of passwords like ‘1q2w3e4r’ and ‘123qwe’ indicates that some users attempt to use unpredictable patterns to secure passwords, but their efforts are weak at best. Password crackers know to look for sequential key variations, so such patterns will only set them back a few seconds.
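One way a website operator could refuse such passwords at registration, shown as an added example that is not part of the original article or the Keeper Security study. The function names, the minimum length of 8, the 0.75 threshold and the three-entry blocklist (built only from the passwords named above) are assumptions made for illustration.

```python
# Added example: registration-time password screen (not from the original article).
QWERTY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Map each key to (row, column); the physical stagger between rows is ignored (assumption).
KEY_POS = {ch: (r, c) for r, row in enumerate(QWERTY_ROWS) for c, ch in enumerate(row)}

MIN_LENGTH = 8          # assumption; the article only says six or fewer falls in seconds
WALK_THRESHOLD = 0.75   # assumption: share of adjacent-key steps that marks a keyboard walk
# Constructed blocklist holding only the passwords the article names.
BLOCKLIST = {"123456", "1q2w3e4r", "123qwe"}


def adjacent(a, b):
    """True when two characters sit on the same or a neighbouring key."""
    if a not in KEY_POS or b not in KEY_POS:
        return False
    (r1, c1), (r2, c2) = KEY_POS[a], KEY_POS[b]
    return abs(r1 - r2) <= 1 and abs(c1 - c2) <= 1


def walk_ratio(password):
    """Fraction of consecutive character pairs that are neighbouring keys."""
    p = password.lower()
    if len(p) < 2:
        return 0.0
    steps = sum(adjacent(a, b) for a, b in zip(p, p[1:]))
    return steps / (len(p) - 1)


def weaknesses(password):
    """Return the reasons a candidate password should be refused (empty list = accept)."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.lower() in BLOCKLIST:
        reasons.append("blocklisted")
    if walk_ratio(password) >= WALK_THRESHOLD:
        reasons.append("keyboard walk")
    return reasons


if __name__ == "__main__":
    # Constructed candidates: the article's three examples, one unlisted walk, one random string.
    for candidate in ["123456", "123qwe", "1q2w3e4r", "zaq1xsw2", "Vt7#pL2m!Kx9"]:
        print(f"{candidate!r}: {weaknesses(candidate) or 'accepted'}")
```

The adjacency check is what catches patterns that are long enough and absent from any blocklist, such as the constructed candidate ‘zaq1xsw2’.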
Cyber security is a hot topic for business continuity professionals at the moment, with cyber attacks and data breaches yet again featuring as their top two concerns according to the Business Continuity Institute's latest Horizon Scan Report. It is with this in mind that cyber resilience was chosen as the theme for Business Continuity Awareness Week 2017, which has a particular focus on the actions that individuals can take to play their part in an organization's cyber security, including effective password control.