Password security – Sloppy Passwords linked to hacking

Experts have warned, lazy passwords put millions of Australians and their companies at risk of cybercrime, with an estimated two thirds of Australian businesses and large corporations vulnerable. Using default passwords present significant risks. Using a default password may seem like an easy option for you to remember but the problem is cybercriminals know the default passwords too.

The Australian small to medium business market are not taking enough steps to increase their cyber defences like enforcing good password security. Most computers, hardware, and software, are set up initially providing easy access so the operators can start working right away but the assumption is that the operator will go back and customise the default password to make it secure.

US tech giant Microsoft says the most used password last year was “admin”, which is currently being used by more than 20 million people across the globe. Other popular combinations include “123456” and the word “password”, according to research by password management company NordPass.

Former Security and Compliance Advisor at software company Salesforce, Jay Hira, said common words and personal information should be avoided when creating a password.

“Use of personal information such as your date of birth, father’s middle name, mother’s maiden name etc, are all too common,” Mr Hira said.

“Password reuse after a period of time and using the same password across multiple platforms are other common mistakes that we’ve all made at some point.”

With more people working from home in recent years due to the COVID-19 pandemic, data theft and hacking is at record levels according to latest data. It is more important than ever to have good password security. The Australian Cyber Security Centre recorded 67,500 cybercrime reports in 2021, the figure up nearly 13 per cent from the previous financial year.

Fraud, online shopping scams and online banking scams were the top reported cybercrime types and additionally, self-reported losses from cybercrime total more than $33 billion, according to the ACSC’s latest annual cyber threat report. Sophisticated hackers often use sneaky tactics such as sending fake text messages containing suspicious links to unsuspecting users to gain elevated access to private information.

Last year, Microsoft found out of more than 280,000 cyber security breaches. About 98 per cent of attacks used a password with less than 10 characters. In addition, only two per cent contained a special character and Proofpoint research found 42 per cent of working Australians use the same password across multiple accounts. Victoria Police recognises cybercrime as “a key facilitator” of organised crime.

“(We) remain unwavering in (our) commitment to minimising the impact that cyber-dependent and technology-enabled crime have on the Victorian community,” a spokesman said.

“Cybercrime presents a complex and fast-moving threat and is recognised nationally as a key facilitator of serious and organised crime.

“There are many practical ways for Victorians to protect themselves online. The resources available on the Australian Cyber Security Centre’s website are a great place to start.”

Experts say long and complex passwords with a combination of numbers, letters and special characters are generally the strongest. You can do clever things like use a phrase from a poem, or a book or a song, if that helps you to remember. If you want to make it even stronger, you could use a password manager that does all the work for you. If you are worried your password has been compromised you can check the website https://haveibeenpwned.com/Passwords which tracks password breaches.

Technology continues to revolve, and, in the future, we may not depend on passwords like we do today. However, until then we need to stop using sloppy passwords and take password security seriously.

Case Studies