Now could be a good time to check your password and make some changes.

If you’ve not checked or changed your password in a while, now could be a good time to look at your accounts. Despite endless warnings about online security, it seems many of us are still using passwords that are ludicrously easy to crack. It’s a big issue that is predicted to get worse, with the global annual cost of cybercrime expected to reach over £7 million this year alone.

UK consumers aren’t helping themselves either, with a study by cybersecurity experts Redcentric suggesting that 1 in 5 (20%) of Brits have just one to two passwords for all of their online logins.

Now one so-called ‘ethical hacker’ has issued a new alert to coincide with October’s National Cybersecurity Awareness Month.

Joe Cockroft – a cyber expert who is trained in hacking into complex systems and understanding how cyber criminals carry out attacks – says it’s vital to secure your online platforms and make sure accounts are as tough as possible to crack.

“Using identifiable information, such as a favourite football team, names of family members, or the city you live in, can make passwords easier to determine,” Cockroft explained.

“While this information may be easy to remember, it could also be easy for threat actors to figure out after a short time exploring your social media profiles, for example. NordPass’s Most Common Password List shows just how popular football teams are for UK passwords, as well as how many passwords lack complexity and are often a single word. Threat actors will often use a list of thousands or millions of words that help them crack your password.

“The National Cyber Security Centre advises that regularly changing passwords can cause more harm than good. Instead, it suggests that better password hygiene is more sufficient in securing accounts. Nevertheless, passwords should be changed immediately if a compromise is suspected or known.”

If you use passwords such as “123456” or “password” then you must act now or you could be at risk as these remain some of the most-used codes in the UK.

Here are the top 10 UK passwords that you MUST NOT use.

123456

password

qwerty

liverpool

123456789

arsenal

12345678

12345

abc123

chelsea

If you aren’t sure what’s best, here are some top tips to help secure your accounts and keep your data away from prying eyes.

Use complex passwords

“Make sure passwords are suitably complex and cannot be guessed,” Cockroft explained.

“The length of a password also plays a huge role in how easy it is to compromise. A short password with a mixture of numbers, symbols, and letters will be easier to compromise than a long password with only letters and spaces.”

Don’t re-use passwords for multiple accounts

“Using the same password in multiple places risks the security of multiple accounts and should be avoided,” Cockroft added.

“This includes passwords that are largely similar, such as those where a number or symbol has been added to the end. Some users will utilise a pattern that allows them to easily create and remember different passwords for each site, however, be aware that threat actors may be able to decipher this pattern after observing one or more compromised passwords.”

Use multi-factor authentication

“Multi-factor authentication (MFA) requires an additional factor to gain access to an account in addition to the usual username and password combination,” said Cockroft.

“This usually takes the form of a code which is delivered to a mobile device via app or text message.

“Enabling this on accounts can help to negate the success of an account compromise, as the threat actor is unlikely to have access to this code. It will also notify the user if an unauthorised person has logged into your account.”

Regularly check to see if your accounts are compromised

And the final piece of advice from Cockroft: “It’s important to stay aware of any data breaches that your accounts may be involved in. This will not only indicate that you need to change your password, but also highlight what other information may now be easily accessible by threat actors (attackers), such as addresses and credit card information. Have I Been Pwned is a free tool that helps you to identify any data breaches you may have been involved in by entering your email address or phone number.”
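To make the first two tips concrete, here is an added example (not from the article or from Cockroft) that audits a set of your own passwords for two of the weaknesses described: being built on one of the ten listed passwords, and sharing a stem with another account's password apart from trailing numbers or symbols. The function names and the sample accounts are constructed for illustration.

```python
import re

# The ten UK passwords listed in the article.
TOP_10_UK = {"123456", "password", "qwerty", "liverpool", "123456789",
             "arsenal", "12345678", "12345", "abc123", "chelsea"}

_TRAILING = re.compile(r"[\d\W_]+$")   # digits/symbols tacked on the end
_LETTER = re.compile(r"[^\W\d_]")      # any alphabetic character


def base_word(password):
    """Lower-case the password and strip trailing digits and symbols."""
    return _TRAILING.sub("", password.lower())


def listed_variant(password):
    """Return the listed password this one equals or merely extends with
    digits/symbols, else None. Longest listed match is tried first."""
    pw = password.lower()
    for word in sorted(TOP_10_UK, key=len, reverse=True):
        if pw.startswith(word) and not _LETTER.search(pw[len(word):]):
            return word
    return None


def audit(accounts):
    """Return (account, reason) findings for a {account: password} mapping."""
    findings, stems = [], {}
    for account, pw in accounts.items():
        listed = listed_variant(pw)
        if listed:
            findings.append((account, f"built on listed password '{listed}'"))
        stem = base_word(pw)
        if stem and stem in stems:
            # Same password apart from a trailing number/symbol: the
            # "largely similar" re-use the second tip warns about.
            findings.append((account, f"same stem as '{stems[stem]}'"))
        elif stem:
            stems[stem] = account
    return findings


if __name__ == "__main__":
    # Constructed sample data, not real credentials.
    sample = {"mail": "Bluebell!Shop1", "bank": "Bluebell!Shop2",
              "forum": "Chelsea99"}
    for account, reason in audit(sample):
        print(f"{account}: {reason}")
```

Run it only on your own machine against your own passwords; it does no network lookups and stores nothing.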
