Password protection is more critical than ever. Here are ten top tips

25.08.25 12:21 PM

Why weak passwords still put global giants at risk — and how you can strengthen your own defences with practical steps today.

If you believe that tech giants like Reddit, Wikipedia and Amazon are at the cutting edge when it comes to cybersecurity and password hygiene, think again.

Acclaimed author Jordan True, who focused the spotlight on a 2019 University of Plymouth research project, reveals that these colossuses of the IT industry have not been too scrupulous when it comes to accepting poor passwords from users in the past. Perhaps they have upped their game in recent times?

“This is incredibly alarming as it perpetuates the use of weak passwords,” she warns. “Nearly every common password was accepted [by the tech companies mentioned] which included repeats of the username, the user’s own name and, of course, the all-time classic, ‘password’.”

Cybersecurity has always been important, but it has become critical today as cybercriminals continue to develop and perfect new and innovative ways to hack accounts and steal your personal data.

So, do you think you can do better and pull one over on the tech gurus? It’s easier than you might think - but only if you closely follow the rules. Here are ten top examples:

(1) Do not re-use passwords. It might be tough to remember a different password for each account or application, but that’s what password managers are meant for.

(2) Use randomised passwords. Family and other familiar names are easy to hack. Be creative and dream up some unique words. Better still, make sure these words are not found in the Oxford Dictionary.

(3) Use more than eight characters in a combination of letters (upper and lower case), symbols and numbers. The longer the password the better.

(4) Do not use personal information.

(5) Don’t document (write down) passwords where they might be discovered by colleagues, associates or curious visitors.

(6) Be wary of unfamiliar devices or devices that you do not control. Your password may be compromised by a keylogger.

(7) Change passwords on a regular basis. It might be a chore, but it’s easily done if you put your mind to it. Make a date with your computer.

(8) Do not use default passwords. On many systems, a default administrative account exists which is set to a simple default password. These are easy to hack.

(9) Boost corporate cybersecurity by storing user passwords in a way that prevents them from being obtained by attackers, even if the system or application is compromised.

(10) Use two-factor (or multi-factor) authentication where possible. Google has introduced the practice, and it’s one of the best examples of password hygiene around.
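As an added illustration (not code from the article or from any of the companies named), here is a server-side acceptance check covering what the study found sites letting through: the classic ‘password’, repeats of the username and the user’s own name, plus the length and character-mix rule from tip 3. The function names, the short deny-list and the sample account are constructed assumptions.

```python
import re
import unicodedata

# Constructed sample deny-list (assumption); production systems load a large
# breached-password list instead.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin"}

# Reverse common character substitutions so "P@ssw0rd" compares as "password".
SUBSTITUTIONS = str.maketrans("01345@$!7", "oieasasit")
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalise(text):
    """Lower-case, strip accents, undo substitutions, keep letters only."""
    text = unicodedata.normalize("NFKD", text).lower().translate(SUBSTITUTIONS)
    return re.sub(r"[^a-z]", "", text)


def check_password(password, username, full_name, min_length=9):
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(password) < min_length:  # tip 3: more than eight characters
        problems.append("too short")
    if not all(re.search(c, password) for c in CLASSES):  # tip 3: mixed classes
        problems.append("needs upper, lower, digit and symbol")
    core = normalise(password)
    if any(word in core for word in COMMON_WORDS):  # e.g. the classic 'password'
        problems.append("contains a common password")
    # Tip 4 and the study's finding: no username or own name inside the password.
    parts = re.split(r"[^A-Za-z0-9]+", f"{username} {full_name}")
    tokens = {normalise(p) for p in parts if len(normalise(p)) >= 3}
    if any(token in core for token in tokens):
        problems.append("contains username or own name")
    return problems


if __name__ == "__main__":
    # Constructed sample account and candidate passwords.
    for candidate in ("password", "P@ssw0rd!2024", "Sm1th-Alex-99", "vR7#qLm2$Xw9pZ"):
        print(candidate, check_password(candidate, "asmith", "Alex Smith"))
```

Note that "P@ssw0rd!2024" satisfies the length and character-mix rule yet is still rejected, which is why composition rules alone are not enough.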

At Cyber Insight we encourage companies to introduce and enforce strong password policies while following stringent password protocols. They should be made applicable to all stakeholders, including employees, associates, customers and suppliers, and overseen by effective password management solutions.

Cyber Insight’s plan for Secure Future Protection includes guidelines for enhancing password policies and advocates the application of next-generation tools that can discover and prevent weak passwords while defending against “password cracking” and other authentication-based attacks.

Marie-Bernette Smal