Australian businesses are being warned to make sure their passwords are up to scratch, with ‘123456’ and ‘password’ still amongst the most popular choices.
The latest data from Microsoft shows hackers are conducting 921 password attacks every second, a 74 per cent increase from 2021*.
“Using the name of your childhood pet, your birthday or the street you grew up on simply isn’t enough to protect yourself from scams or cyber attacks in 2023,” said Phil Parisis, General Manager of My Business.
“If it’s easy for you to remember, chances are it’s also easy for cybercriminals to guess and that’s not only putting you at risk but also exposing the businesses and corporations that you work for.
“Often a password is a first line of defence in a cyberattack so you want to make sure it’s like a locked door.”
According to CyberNews** and their analysis of leaked accounts, the most popular passwords in 2023 are:
- 123456
- 123456789
- qwerty
- password
- 12345
- qwerty123
- 1q2w3e
Of the more than 15 billion passwords analysed from publicly-released data breaches, only around two billion were unique.
“What’s interesting about this password data is that researchers were able to tell users’ favourite sporting teams, their cities, favourite food and even their ages just by their passwords,” Mr Parisis said.
“Another common inclusion is a year – often their birth year or another significant year in their life.
“Often people have the same password across their personal and work accounts which increases their chances of being hacked and losing multiple accounts at the same time.”
Mr Parisis’ top five tips for creating strong passwords:
- Multi-factor Authentication. A security measure that requires two or more proofs of identity to grant you access. Multi-factor authentication typically requires a combination of either passwords, PINs, secret questions, an authenticator app, or fingerprint/other biometric.
- Use a mix of characters. Use a combination of uppercase and lowercase letters, numbers, and special characters (such as %, *, and @) in your password. This makes it much harder for someone to guess your password using brute force methods. The longer your password, the harder it is to crack. Aim for a password that’s at least 12 characters long.
- Avoid common words and phrases. Avoid using common words or phrases in your password, such as “password,” “123456,” or “qwerty.” These are among the most commonly used passwords and are easily guessed by attackers.
- Don’t reuse passwords. Never use the same password for multiple accounts. If one password is compromised, all of your accounts are at risk. Staff should have their own accounts and passwords.
- Use a password manager. The best passwords are the ones you don’t have to remember at all. A password manager can generate strong, unique passwords for each of your accounts and store them securely. This eliminates the need to remember multiple passwords and helps you create stronger passwords overall.
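For teams that run their own sign-up or password-change forms, the tips above can be enforced in code. The following is an added example, not part of the original article or any My Business tool: it rejects passwords that are under 12 characters, lack a character class, contain one of the popular passwords listed above, or embed a year, and it generates random passwords the way a password manager would. The function names, the substring matching and the 1900-2099 year range are assumptions made for illustration.

```python
import re
import secrets
import string

# Most popular passwords as listed in the article (CyberNews analysis).
COMMON = {"123456", "123456789", "qwerty", "password", "12345", "qwerty123", "1q2w3e"}
MIN_LENGTH = 12  # the article's recommended minimum
# Assumption: a "year" is a standalone 4-digit number from 1900 to 2099.
YEAR = re.compile(r"(?<!\d)(19|20)\d{2}(?!\d)")


def check_password(candidate):
    """Return the reasons a candidate fails the article's tips (empty list = pass)."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    classes = [
        any(c.islower() for c in candidate),
        any(c.isupper() for c in candidate),
        any(c.isdigit() for c in candidate),
        any(c in string.punctuation for c in candidate),
    ]
    if not all(classes):
        problems.append("missing a character class")
    # Catch a popular password used whole or merely padded out with extras.
    lowered = candidate.lower()
    if any(word in lowered for word in COMMON):
        problems.append("contains a commonly used password")
    if YEAR.search(candidate):
        problems.append("contains a year")
    return problems


def generate_password(length=20):
    """Generate a random password from the OS CSPRNG that passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:  # retry the rare draw that misses a class or hits a pattern
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

A check like this covers only the password itself; it does not detect reuse across accounts, which is why the multi-factor authentication and password manager tips still apply.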
Mr Parisis says the latest ReportCyber*** data shows an eye-watering $300 million is lost every year to cybercrime. My Business helps small businesses protect against cyber scams and attacks by offering automated staff training, tools and resources.
“Our simple training helps small business owners work smarter, not harder by giving them the tools needed to stay protected online,” Mr Parisis said.
“Weak passwords are one of the top causes of data breaches and cyberattacks. Small businesses are particularly vulnerable to these threats due to their limited resources and often lack of dedicated IT departments.
“Make sure staff undergo regular security training exercises to follow password hygiene best practices, including identifying and reporting suspicious emails and messages.”