Most common passwords most likely to get you hacked
The terms are among the most commonly-guessed passwords by online hackers in the last 12 months, according to a new report from security group Rapid7.
How to Pick a password:
- Don't re-use passwords. One ultra-secure one won't be any good if someone finds it.
- While combining upper and lower case passwords with numbers to alter a memorable word - M4raD0na - is often advised, these are more easily cracked than you might think.
- Good advice is to make a memorable, unusual sentence: "I am a 7-foot tall metal giant" is better than "My name is John", and use the first letter of each word with punctuation: "Iaa7-ftmg".
- Alternatively, you can use a password manager such as 1Password, which can generate secure passwords and store them online.
- The best way to protect yourself is to use two-factor authentication, which will send a text with a code or use an app to verify your log-in.
Rather than focusing on the passwords that people typically pick, Rapid7 decided to look at what online scam artists are actually using to test and likely break into internet-connected point of sale (POS) systems, kiosks, and computers.
Their findings are particularly shocking: majority of the top 10 passwords attempted are ridiculously simple, implying a widespread use of terrible passwords. Examples including 'admin', 'x', 'Zz' and '1'.
One of the simplest ways to access someone's online account is to guess a password, and hacking software tends to try the most common ones first. Often, passwords are shared between accounts, so once they've guessed right, hackers will try their luck at several other accounts including banking and social media.
How the passwords were revealed:
In order to track hacking attempts, the experts set up 'honeypots' - areas of a website that look normal, but are actually bait for hackers that can be monitored.
During the 12 months they ran the study, the honeypots racked up 221,203 different log-in attempts, coming from 5076 devices across 119 countries, using 1806 different usernames and 3969 different passwords.
There were on average 662 login attempts every day by criminals.
This type of research "is incredibly useful for spot checking the state of cyber hygiene," according to Tod Beardsley, Security Research Manager, Rapid7, because it can reveal where businesses are going wrong with their digital security.
Earlier this year, researchers at SplashData revealed the most common passwordsof 2015, including passw0rd, login and 123456.