SkOUT Secure Intelligence has today released the top 25 passwords that were leaked online in 2018, warning that any company, organisation or individual using these passwords are vulnerable to cyber-attacks and data breaches.
The top 25 list from the cyber-security company’s research team features perennial favorites such as ‘123456’ and ‘password’ at number one and two places respectively as the most commonly-used passwords, followed by other variations on sequential numerical passwords such as ‘123456789’, ‘12345678’ and ‘12345’ in the top five.
The global table also includes other obvious passwords such as ‘admin’ and ‘qwerty’ that leave email addresses and online accounts open to attacks. Additionally, SkOUT’s top 25 features new entrants this year such as ‘111111’, ‘666666’, ‘princess’ and ‘donald’ – the latter a possible reference to US President Donald Trump.
SkOUT, which was founded by Irish entrepreneur Aidan Kehoe and has its EMEA HQ located in Portlaoise, released the top 25 table as security concerns over the online leaking of password remain high. Last month, experts discovered what is believed to be the largest collection of breached data in cyber-security history, when more than 770 million email addresses and passwords were posted to a hacking forum. It is believed that the collection of hacked emails and passwords was compiled by cyber-criminals using a variety of different individual data breaches.
Commenting on the findings, SkOUT Chief Technology Officer and President Jessvin Thomas said; ‘A good password is the first line of defence between your data and an attacker, so it is vitally important that you make password security a priority in your personal and business life. If you are guilty of reusing, rotating, or using notoriously weak passwords, you are making yourself or your business an easy target for attackers. Reusing passwords for email, banking, and social media accounts can lead to identity theft, business downtime, and many other situations.”
SkOUT, which specialises in cyber-security monitoring and helps businesses to adopt better cyber-security practices, recommends that users change their passwords regularly, ideally every 90 days. This is considered good practice because password leaks often happen months, or even years after the passwords are taken. If a user frequently changes their password, this removes the danger of an old password leaking.
To further protect themselves, SkOUT advises businesses and individuals to memorise passwords instead of writing them down. This is because a hacker could find the information they are looking for in their target’s desk or office, so it is imperative not to leave Post-It notes with your passwords lying around. Of equal importance is avoiding the storage of passwords as contacts in smartphones or in notes apps, as this information can be synced to many devices and third-party apps, leaving users exposed and creating a higher risk of a breach.
To further mitigate the risk of a breach, SkOUT recommends the use of two-factor authentication to provide added security. In effect, this revolves around the use of a second method to prove you are who you say you are.
The most common methods of authentication include the use of additional passwords, but there are other ways to authenticate, including the use of security pins and security questions; authentication apps and authentication cards as well as finger print, facial and voice recognition.
“Using multiple factors of authentication is important because even the best passwords can get breached. If your password is stolen, a second layer of protection like your phone will be the difference between your data staying private or becoming stolen,” Mr Thomas said.
In terms of creating passwords, SkOUT advises the following:
– Use a mix of uppercase and lowercase characters and special characters such as ‘#, $, %’ as it makes your password much harder to guess;
– Use unique passwords for every account and email address;
– Choose a line or two from a song or poem and use the first letter of each word, preceded or followed by a digit;
– Don’t include all or part of your username, first name, or last name as these elements are easy to guess;
– Don’t use number sequences, letter sequences, or common words – as the 25 most common passwords show these are very common. Attackers use these passwords, along with common things like names and dates to guess passwords and break into accounts.
The 25 most commonly used passwords of 2018
1. 123456 (Unchanged)
2. password (Unchanged)
3. 123456789 (Up 3)
4. 12345678 (Down 1)
5. 12345 (Unchanged)
6. 111111 (New)
7. 1234567 (Up 1)
8. sunshine (New)
9. qwerty (Down 5)
10. iloveyou (Unchanged)
11. princess (New)
12. admin (Down 1)
13. welcome (Down 1)
14. 666666 (New)
15. abc123 (Unchanged)
16. football (Down 7)
17. 123123 (Unchanged)
18. monkey (Down 5)
19. 654321 (New)
20. !@#$%^&* (New)
21. charlie (New)
22. aa123456 (New)
23. donald (New)
24. password1 (New)
25. qwerty123 (New)
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.