Despite all the warnings issued by cybercrime experts, many people are still employing passwords that are simple to guess. From “1234” and “password” to the names of pets, dates of birth, favourite football teams and the names of loved ones, the poorly chosen private credentials selected to secure accounts are putting personal information and companies at risk.

Today, we’ll look at how people are picking passwords, how hackers are exploiting them and what the experts say.

How do hackers take advantage of weak passwords?

Research recently undertaken by the UK’s National Cyber Security Centre (NCSC) indicates that approximately 14% of people at one time or another have employed a family member’s name for a password, while 15% used their pet’s. Another 13% utilised special dates such as anniversaries and birthdays, while 6% chose their favourite sports team as a password.

Although these kinds of passwords might be far simpler for to remember than more complex options, this approach to security can put users in danger. With many people’s social media profiles open to the public, it’s not tricky for criminals to find the names of pets, special dates and teams being supported. With this information in hand, hackers can then attempt to penetrate accounts.

Attackers can also employ an attack tool that uses brute force to crack accounts, a task easily performed when passwords are simplistic and involve a single word.

What are the risks of weak passwords?

Using weak passwords can result in people putting their personally identifiable information (PII) or financial account details at risk, particularly if they use the exact same password for all their accounts. They can also potentially put the company the work for at risk from cybercriminal attacks if a password stolen is also employed to secure their corporate email accounts as well.

What passwords do security experts suggest

Specialists at the NCSC are now urging individuals to follow the agency’ s advice and ensure their passwords are safer. NCSC experts suggest that passwords should include three random words combined. The thinking behind this technique is that the three different words will be relatively simple to remember, and at the same time, be random and unrelated, making it impossible for cybercriminals to guess them, even using brute force tactics.

The NCSC’s Director for policy and communications, Nicola Hudson, commented:

“We may be a nation of animal lovers but using your pet’s name as a password could make you an easy target for callous cyber criminals. I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords, which recommends using passwords made up of three random words.”

The security centre also advises that users should ensure the password for their email account is entirely separate to all other passwords they use. In the event that an email is compromised, the attackers will not be able to access people’s other online accounts, limiting the damage

For comprehensive email security, contact Galaxkey to test drive our secure solution. No passwords are ever stored on our system and end-to-end encryption ensures email data remains safe. Contact our team to book your free two-week trial.