Now could be a good time to get your passwords in order and make some urgent changes. New research has revealed just how simple some codes are to crack with it taking a matter of seconds for cyber crooks to gain access to personal accounts.
The new report from the team at payment firm Dojo makes for worrying reading but some pretty simple modifications will make sure your online accounts stay safe.
Dojo says that the most hackable passwords are ones that contain all lowercase letters or numbers and are less than 8 characters long. For example, the passwords purple, letmein or 202201 can all be guessed in under a second. Compare that to the word wednesday1 which takes over 2,000 seconds to crack and you can see how small changes can make a big difference.
Another mistake people make is using the same codes for both work and home accounts which makes the chance of being attacked much more likely.
“With 51% of people using the same passwords for both work and personal accounts, it’s common for people to repeat password patterns that are easy to remember. But the study found that 365,174 passwords feature all lowercase letters and an average password length of eight characters,” Dojo explained.
“When using this password pattern hackers can access your data easily, as the number of combinations they need to try is lower. If you are using all lowercase letters for your passwords, it would take hackers just three seconds to guess.”
Along with lowercase and short passwords, another mistake is to use nicknames, TV shows, colours and fashion brands as these are some of the most hackable in the world.
So what should you be doing to increase the strength of your security?
Dojo says that its study found that over 1.5 million passwords were eight characters or less with terms of endearment being the most common password category.
To make sure you don’t fall victim to hackers it’s a good idea to make your codes a minimum of 8-12 characters long and use a mix of special characters, numbers, and capital letters.
For example, Mirr0r!_5912 is clearly far harder to crack than just using the word mirror.
It’s also a good idea to set up MFA (multi-factor authentication), these are available on most apps and accounts that require a password.
The MFA sorted, you’ll get a multi-step account login process that requires you to enter more information than just a password. For example, you might be asked to enter a code sent to your email account, have to answer a secret question, or scan a fingerprint on your smartphone.
Other top tips include using services like Have I been Pwned (HIBP) to monitor if your username and password has been breached.
Don’t use personal information that is easily accessible through your online presence and use a credible password manager to help you create unique, strong passwords so that you don’t have to remember them.
