(3 min read)
One of the first things we do in the Psybersafe programme is talk about passwords. Why?
Because it’s often a weak password that grants criminals access to your personal data, or the data held in your organisation. In fact, passwords are one of the most frequent attack targets. According to Sailpoint, almost two-thirds of data breaches involve weak or stolen credentials.
A weak password is a way in. And cyber criminals will find it.
You’d be surprised – or maybe you wouldn’t – at the passwords that the majority of people are still using. Despite IT departments, security specialists and cyber trainers emphasising the importance of a strong password, people still take the ‘easy’ option.
In fact, according to a report by cybernews.com, these are the top 10 most common passwords worldwide:
- 123456
- 123456789
- qwerty
- password
- 12345
- qwerty123
- 1q2w3e
- 12345678
- 111111
- 1234567890
Quite frankly, that’s astonishing. And scary. It’s no wonder that hackers can get into systems so easily. The word ‘password’ actually comes in at number 4. These are not clever passwords, where you judge them to be so simple, a hacker wouldn’t think of them. They are precisely among the many combinations they’ll try first.
Change the way you think about passwords
Your password is like the security lock on your home. It needs to be intricate and detailed if it’s to foil someone with a set of lock-picking tools. So a strong password needs to have these characteristics:
Be at least 15 characters long. The longer your password, the better.
Contain no personal details. Don’t use names, birthdates, house numbers or any personal information. Not only do they make passwords easier to hack – it gives the criminals confirmation of other private data about you or your family.
No patterns. Psychologically, we are designed to look for patterns, so when we create a password, we use patterns to help us remember. But patterns are crackable, so don’t be tempted to use them.
Numbers and characters. Instead of using all letters, make sure you use numbers and special characters too. This, alongside a longer-length password, makes them much harder to hack.
Computers can try thousands of password combinations per second. They use dictionaries at lightning speeds. Normal dictionaries of common words, multiple languages, and multiple combinations of patterns and numbers, letters and symbols. The longer the password, the longer it takes – it’s like you and your colleague being chased by a tiger. You don’t need to outrun the tiger, just your colleague. So don’t be the low hanging fruit, or the slow one in the race with a tiger. Make your passwords unique and long.
Passwords change for the better with Psybersafe
In an early Psybersafe episode, we measure password strength. And then we measure it again after a few episodes. We see an improvement of around 100% almost immediately. The results speak for themselves, and show that with a combination of behavioural science techniques and interactive, fun episodes we can help people to strengthen their defences against cyber attack.
In the first Psybersafe episode we measure password strength.
After a few episodes we ask learners to reset their password to re-measure their password strength.
To see how Psybersafe can put your people on the path to better protection for your organisation, you can find out more about our training and read our FAQs here.
Sign up below to get our monthly newsletter, packed with hints and tips on how to stay cyber safe.
Mark Brown, is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts. If you’d like to chat about using Psybersafe in your business to help to stay cyber secure, contact Mark today.