Weak passwords have long been one of the main targets of hackers and one of the prime reasons behind data security breaches. In fact, lists of top passwords are sold as commodities on the dark web and millions of people buy them on a regular basis.
As a reaction to this, many cybersecurity firms have undertaken research over the years to identify general patterns in people’s password habits and how they cause vulnerability.
One such study was recently conducted by the cybersecurity company F-Secure. The company set up a number of ‘honeypot’ servers all around the world. Before we dig into it, let’s understand the concept of a honeypot.
Honeypot servers are decoy servers that are installed into networks along with the main production system. These servers detect any possible attacks on the network, and alert the main system. Thus, the name honeypot comes from its ability to attract/detect attacks.
The study revealed that the number of attacks on Internet of Things (IoT) devices connected to the internet across the world is on the rise. The study was also able to identify the usual method used to hack into devices. SMB ports and Telnet were found to be the most vulnerable ports.
Once a hacker has successfully breached a device, all they need to do is to figure out passwords.
Most commonly used passwords
The same study also analyzed the common passwords hackers try when hacking into a device.
According to the study, the most common password that hackers try is ‘admin’. A lot of users either don’t bother to change the predefined password of the application or platform, or choose it because it is easy to remember. And that’s where they make a mistake.
The other most commonly used passwords are ‘12345’, ‘default’, ‘password’, and ‘root’.
According to F-Secure, the passwords reflect the kinds of devices hackers try to access, which are mainly routers and other devices with factory-default passwords. This makes factory default passwords another common choice for hackers.
Through other studies, a number of other patterns have been discovered in people’s passwords. One of these is ‘123456’. Passwords like ‘iloveyou’, names of animals, first names of people, and names of family members are also very common. The names of football teams are also recurring themes with ‘liverpool’ being the most common.
It’s a generally acknowledged fact that hackers are becoming smarter by the day and finding newer ways to attack potential targets. As passwords are one of the most fundamental access keys to any device or account, when strong, they can protect your privacy against prying eyes.
A good practice when creating passwords is to make them complex and unique. This isn’t as hard as it sounds. The general guidelines shown to users creating new accounts are enough to come up with a strong password. Using a mix of special characters, capital letters, numbers, and lowercase letters makes a password strong.
Many people use the same password across platforms, which should be avoided at all costs. Using a different password for each platform might be hard to keep track of, but will ensure greater safety in the long run.
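The three checks described above (a password named in the study or the other research, a missing character class, and reuse across platforms) can be run over a list of accounts. The following is an added example, not code from the article or from F-Secure; the account names and sample passwords are constructed for illustration.

```python
import string
from collections import defaultdict

# Passwords the article names as most commonly tried or used.
COMMON_PASSWORDS = {
    "admin", "12345", "default", "password", "root",
    "123456", "iloveyou", "liverpool",
}

def missing_classes(password):
    """Return the character classes from the article's guideline that are absent."""
    checks = {
        "lowercase": any(c.islower() for c in password),
        "uppercase": any(c.isupper() for c in password),
        "digit": any(c.isdigit() for c in password),
        "special": any(c in string.punctuation for c in password),
    }
    return [name for name, present in checks.items() if not present]

def audit(credentials):
    """Map each account name to a list of findings; an empty list means no issue found."""
    findings = {account: [] for account in credentials}
    seen = defaultdict(list)  # password -> accounts that use it
    for account, password in credentials.items():
        seen[password].append(account)
        # Case-insensitive match, so 'Admin' is caught as well as 'admin'.
        if password.lower() in COMMON_PASSWORDS:
            findings[account].append("common or factory-default password")
        missing = missing_classes(password)
        if missing:
            findings[account].append("missing: " + ", ".join(missing))
    for accounts in seen.values():
        if len(accounts) > 1:
            for account in accounts:
                others = sorted(a for a in accounts if a != account)
                findings[account].append("reused on: " + ", ".join(others))
    return findings

# Constructed sample inventory (hypothetical accounts and passwords).
SAMPLE = {
    "router": "admin",
    "camera": "Admin",
    "webmail": "T7#qLm!2vRz",
    "forum": "T7#qLm!2vRz",
    "bank": "g4&Wp9^xKd",
}

if __name__ == "__main__":
    for account, issues in audit(SAMPLE).items():
        print(account, "->", issues or "ok")
```

The webmail and forum entries pass the character-mix check and are still flagged, because the same password is used on both.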
Many browsers like Google Chrome now auto-generate strong passwords. These passwords are encrypted and saved in a secure database, are auto-filled whenever the user accesses the account and can be changed/removed easily.
For those unwilling to put the effort into creating a complex and unique password, this can be a good alternative.
However, saving passwords should always be a last resort. Password databases are the most sought after in present times. Thus, saved passwords are not entirely secure and can fall prey to breaches at any time. For instance, many companies suffered from massive breaches due to the Heartbleed Bug in 2014, and Google was among the worst affected. Additionally, an infographic by DigitalGuardian illustrated how sharing too much information on the internet, especially on social media, makes users vulnerable to hackers.