The year was 2003 and Blink-182’s single “I Miss You” was topping the charts. Nearly 16 years later and Blink-182 is topping a different kind of chart as one of the most breached passwords.
Despite daily headlines about data breaches, people continue to follow poor security practices, such as using their favorite bands or the names of loved ones as their passwords. Just this month, Britain’s National Cyber Security Centre published a list of the 100,000 most commonly breached passwords worldwide. Not surprisingly, ‘123456’ was the most frequently hacked password. ‘Ashley’ was the most widely breached name with almost half a million compromises and, as I mentioned earlier, ‘Blink-182’ also made the list with nearly 300,000 breached accounts.
Cybersecurity officials are urging people to read the list and change any of their passwords that appear on it. Today, on World Password Day, we will go a step further: we will explore the current state of our password hygiene and offer a few tips and tricks to help you secure the key code to your digital identity.
All the Small Things: Do Not Reuse Passwords
It seems like a small issue, but reusing passwords across your various accounts is like biking without a helmet—you are simply asking to get hurt. And the practice of reusing passwords is only becoming more common as time marches on. In our 2014 SailPoint Market Pulse Survey, we found that 56% of employees admitted to reusing passwords across work and personal accounts. Four years later, that number went up to a staggering 75% when we asked the same question. We have mentioned it before, and we will say it again: password reuse is a cardinal security sin. You are serving yourself on a silver platter to hackers. Even worse, if you are sharing those passwords between work and personal accounts, you are also serving your employer up on a silver platter to hackers. If they crack one account, they can easily get into your work account(s) too when the same password is shared across both. This ‘domino effect’ has become the basis for ‘credential stuffing’—a technique increasingly used by hackers today. So, rule of thumb: do not reuse passwords!
I Miss You: Do Not ‘Miss’ Your Old Passwords, Change Them!
Reusing passwords is not the only cardinal sin being committed here. We are also not changing our passwords. We found in our annual SailPoint Market Pulse Survey that, on average, people use about four different passwords at work. That is a lot of passwords to keep track of, and we are probably less inclined to change them—19% of respondents waited one entire year before they changed their passwords for either work or personal accounts. One year is far too long. Changing passwords is annoying, especially when you are keeping track of four at once. We are creatures of habit. We get used to typing in one thing, and it can be quite irritating to retrain your mind when entering your new password. And getting locked out because you cannot remember your password? The worst! Well, trust us on this one: do not get sentimental about your passwords. It is always worth keeping yourself one step ahead of the hacker’s game by changing your password at least every three months.
What’s My Age Again? Do Not Use ‘123456’ As a Password
I hate to be brash, but using your favorite band or soccer team as your password is something we should have outgrown in our teens. Nor should we use consecutive numbers. Simple passwords, as we know, are easily cracked. According to our own survey data, people really do like the simple password — 32% of the people we surveyed admitted to using easy-to-guess words, like a pet’s name (28%), a memorable location (20%), or a favorite sports team or player (20%). We need to make our passwords more complex and random to avoid a hacker’s roving eye. When it comes to passwords, remember: if it is easy to remember, it is probably not a good one. Combining an unusual mix of upper and lowercase letters with some random numbers (not your anniversary) and symbols will usually do the trick.
With the help of pop rock, we explored some not-so-good password habits and arrived at a place where we are finally able to make the right password decisions. On this World Password Day, put on your favorite Blink-182 song and get started on making those important password changes to make your digital life more secure. Just don’t make those passwords Blink-182.