Millions of people still have passwords that are pathetically weak and easy to hack




That people are lazy is nothing new, and neither is the fact that people like to make things as easy as possible. As a new study reveals, these two traits do not work well when it comes to security and passwords.

An analysis by the National Cyber Security Centre (NCSC) in the UK revealed that a considerable number of people still use weak and easy-to-guess passwords to secure their accounts, despite sound advice. The most commonly used password on hacked accounts was 123456, and many others were also unsafe. The NCSC, along with Troy Hunt of Have I Been Pwned, also released a list of the 100,000 most-used passwords in the world.


The NCSC conducted its first "cyberspace survey in the UK". It was found that 23.2 million accounts worldwide that had been hacked were using the password 123456. Using the data from "Have I Been Pwned", it was possible to draw up a list of the most commonly used passwords, and the top ten is home to many familiar faces: 123456, 123456789, qwerty, password, 111111, 12345678, abc123, 1234567, password1, 12345.

The reason for publishing the password list is not (simply) to emphasize that people can be stupid about security, but also to serve as a warning. The NCSC suggests going through the 100,000 entries and says, "If you see a password that you use in this list, you must change it immediately."

In a blog post on the list of passwords, the NCSC answers a few questions:

Does the release of violated passwords help criminals?

These passwords are already in the public domain. By making users aware of how attackers use passwords obtained from violations, we can make the task more difficult for these attackers and help you reduce the risk to your customers or employees.

Why not use an existing list of violated passwords?

Through our collaboration with Troy, we can provide the most up-to-date list that is supported by a data source trusted by the NCSC. We can also refer to it in our NCSC guidelines.

However, there are other, more specific passwords (employees of a company using the name of the company in their password) or time-limited ones ("Spring2019", etc.) that will appear rarely in a global list of violations, but that attackers can still try to use. This list will not be the complete list of blacklists, but it should provide you with a good starting point.

Developers and system administrators are encouraged to use the list to steer users toward stronger passwords, with the suggestion that passwords appearing in the list be blocked.
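One way a developer might apply the list when a user chooses a new password, covering both the global list and the company-name and "Spring2019" cases the NCSC says it will miss. This is an added example, not code from the NCSC or from this article; the function names, the `org_terms` parameter, the season pattern and the case-insensitive matching are assumptions, and the sample set holds only the top ten quoted above.

```python
import re
import unicodedata

# Constructed sample: the top ten from the article. In practice, call
# load_denylist() on a local copy of the 100,000-entry list (one per line).
SAMPLE_DENYLIST = {"123456", "123456789", "qwerty", "password", "111111",
                   "12345678", "abc123", "1234567", "password1", "12345"}

# Assumed pattern for time-limited passwords: a season name followed by a
# 2- or 4-digit year, optionally with punctuation, e.g. "Spring2019!".
TIME_LIMITED = re.compile(
    r"^(?:spring|summer|autumn|fall|winter)\W*(?:\d{4}|\d{2})\W*$")


def normalize(password):
    """Fold Unicode forms and case so 'QWERTY' is treated like 'qwerty'."""
    return unicodedata.normalize("NFKC", password).casefold()


def load_denylist(path):
    """Read one password per line into a normalized set, skipping blanks."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return {normalize(line.rstrip("\r\n")) for line in fh if line.strip()}


def check_password(password, denylist, org_terms=()):
    """Return the reasons to reject a candidate; an empty list means allowed.

    Intended for the moment a password is set or changed, while the
    plaintext candidate is still available to the server.
    """
    reasons = []
    folded = normalize(password)
    if folded in denylist:
        reasons.append("on breached-password list")
    if TIME_LIMITED.match(folded):
        reasons.append("season/year pattern")
    # org_terms (hypothetical): company, product or site names to refuse.
    for term in org_terms:
        if term and normalize(term) in folded:
            reasons.append("contains organisation term: " + term)
    return reasons
```
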

So, what's the best way to create a strong password that's easy to remember? The NCSC simply suggests using three random words – hard to guess, but hard to forget.

Image credit: Bankrx / Shutterstock
