A new report released by cybersecurity experts at SpyCloud has uncovered that despite warnings from government organisations and technology specialists, people are still selecting weak passwords.

To make matters worse, in many cases users are still employing the same inadequate passwords even after they have already been breached by malicious operators.

Passwords used on multiple applications

The need for passwords is continual issue that big technology firms are always trying to solve. Unfortunately, in many cases they remain crucial for people to access services and sites online. Even in 2022, users are not altering them after they have been exposed and often keep using these compromised passwords to access a number of different sites.

In its recent report, SpyCloud underlined that many people often struggle with passwords associated with multiple accounts online. Based on data that included 1.7 billion password and username combinations, which the security firm collected from 755 different leaked sources last year, SpyCloud estimates that approximately 64% of people employed the exact same password that was exposed in a breach for one or more other accounts.

Researchers at SpyCloud commented:

“For users we can tie to breach exposures in 2021 and prior years with the same email address or username explored, 70% were still reusing the same exposed passwords.”

The reuse of a password always presents a potential and significant security issue because if the password chosen has been breached, hackers can then utilise it to access additional accounts where it is also deployed for sign-in.

Poor password selection

An additional weak link in password protection is that users continue to select vulnerable passwords. A common and lazy habit of people who do not take cybersecurity seriously, recorded examples of bad choices include “qwerty”, “123456”, “admin”, along with the word “password”.

The SpyCloud study focused on passwords being reused, and identified an increase in passwords being chosen based on media from the latest online streaming services like Disney Plus. It recorded that the leading ‘popular culture’ password choice was Loki, after the Marvel show released through Disney, followed closely by Wanda and Falcon, names linked to other programmes on the streaming service.

Arguably the best solution available to improve secure access to password-protected areas and online accounts is multi-factor authentication (MFA). This process involves an extra layer of defence being added, rendering a simple password and username combination insufficient for access to be granted.

This enhanced layer of protection may sometimes include a fingerprint or facial recognition scan, tools often now used with Apple technology, but more commonly employ text messages. Codes, usually six digits long, are sent to the user’s registered personal device in an SMS and they must enter this passcode before they can enter the secure gateway.

Unless a malicious actor has access to both the user’s credentials and their smartphone, they will be unable to infiltrate the online account. Until another option arrives, MFA is recommended by the National Cyber Security Centre (NCSC) here in the UK.

If you want to utilise a platform that encrypts all your data and demands good password selection, contact Galaxkey today to see how we can help protect your enterprise