All you have to do is look at the top 8 most common passwords found on the Dark Web in 2020, to see that most of us are totally clueless:
About 59% of Americans use a person’s name or family birthday in their passwords. Another 33% include a pet’s name and, shockingly, 22% use their own name to create passwords.
The latest Acronis research revealed that 80% of companies do not have an established password policy. Between 15-20% of the passwords used in a business environment include the name of the company, making them easier to compromise.
Two recent high-profile breaches illustrate this problem: Before its Orion compromise, SolarWinds was warned that one of its update servers had a publicly known password of “solarwinds123”, while former President Donald Trump’s Twitter account was hacked because the password was alleged to be “maga2020!”.
Of the organizations that do have a password policy in place, the researchers found many rely on default passwords, and up to 50% of those are categorized as weak.
Attackers know these weak password practices are widespread and, with so many employees working from home as a result of the COVID-19 pandemic, cybercriminals have targeted the less secure systems of these remote workers.
Acronis analysts found that password stuffing was the second most used cyberattack last year, just behind phishing.
One report found that 48% of employees admit they are less likely to follow safe data practices when working from home.
Acronis analysts expect the financial impact of data exfiltration will soar in 2021.
How to protect yourself
There are methods to protect yourself.
Multifactor authentication (MFA), which requires users to complete two or more verification methods to access a company network, system, or VPN, should be the standard for all organizations.
By combining passwords with an additional verification method, such as a fingerprint scan or randomized PIN from a mobile app, the organization is still protected if an attacker guesses or breaks a user’s password.
Make sure all users authenticate themselves, prove their authorization, and continuously validate their security to access and use company data and systems.
Also, use unique passwords. Don’t reuse the same passwords across multiple accounts. Doing this puts all your accounts at high risk of being compromised if one is hacked.
When creating passwords, make them long and complex: if a password has more than eight characters and mixes letters, numbers, and symbols, most hackers will just move on to targeting easier accounts.
Finally, use a password manager, if you’re worried about forgetting passwords.
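A password-policy check that codifies the advice above (more than eight characters, a mix of letters, numbers and symbols, no company or personal names, and no publicly known passwords such as the two cited earlier). This is an added example, not code from the article or from Acronis; the short denylist and the substitution-folding rule are assumptions of this example.

```python
import re
import unicodedata

MIN_LENGTH = 9  # the article's "more than eight characters"

# Constructed denylist of passwords the article cites as publicly known or
# common. A real deployment would load a breach corpus such as the leaked
# compilations the article describes instead of this short list.
KNOWN_BAD = {"solarwinds123", "maga2020!", "password", "123456"}


def _normalize(s: str) -> str:
    """Lowercase and strip accents so 'Acme' also matches 'Ácme'."""
    s = unicodedata.normalize("NFKD", s)
    return "".join(c for c in s if not unicodedata.combining(c)).lower()


def _fold(s: str) -> str:
    """Undo common substitutions (0->o, 1->i, 3->e, 4->a, 5->s, @->a, $->s, !->i)
    so that 'S0larW1nds' is still recognised as the company name."""
    return s.translate(str.maketrans("01345@$!", "oieasasi"))


KNOWN_BAD_FOLDED = {_fold(_normalize(p)) for p in KNOWN_BAD}


def check_password(password: str, username: str, company: str,
                   personal_terms: tuple = ()) -> list:
    """Return the list of policy violations; an empty list means it passes.
    personal_terms holds the items the article says people reuse: their own
    name, a family member's name or birthday, or a pet's name."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    has_letter = re.search(r"[A-Za-z]", password)
    has_digit = re.search(r"[0-9]", password)
    has_symbol = re.search(r"[^A-Za-z0-9]", password)
    if not (has_letter and has_digit and has_symbol):
        problems.append("must mix letters, numbers, and symbols")
    norm = _normalize(password)
    folded = _fold(norm)
    if folded in KNOWN_BAD_FOLDED:
        problems.append("appears in the known-bad password list")
    terms = [("company name", company), ("username", username)]
    terms += [("personal term", t) for t in personal_terms]
    for label, term in terms:
        t = _normalize(term)
        # Ignore very short terms, which would match almost anything.
        if len(t) >= 3 and (t in norm or _fold(t) in folded):
            problems.append(f"contains the {label} '{term}'")
    return problems
```

Run at account creation or password change; the returned list is what you would show the user, while an empty list means the password clears every rule in the article.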
3.2bn emails and passwords leaked
Normally when a data breach occurs, the cybercriminals responsible may leak the usernames and passwords stolen from one organization or company. However, a new compilation recently posted on an online hacking forum contains more than 3.2bn unique pairs of cleartext emails and passwords gathered from past leaks.
As reported by CyberNews, this new data leak is being referred to as the “Compilation of Many Breaches” (COMB) as it contains more than double the amount of unique email and password pairs than the Breach Compilation from 2017 in which 1.4bn credentials were made available online.
CyberNews found that COMB contains more than 3.27bn email and password pairs.