New research recently revealed that an alarming number of people still use login credentials that are way too easy to hack, such as “password” and “123456”, putting them at serious risk of identity theft.
C’mon guys! Didn’t y’all learn anything from the movie Identity Theft last year? (Editor’s note: I think the only thing anyone learned from that movie is that some movies should never be made.)
Andrew Clouston, founder and CEO of personal profile manager app MOGOplus, said the difficulty of remembering complex passwords across multiple sites has pushed many of us to settle for ridiculously basic credentials across all of our accounts.
Passwords literally as easy as ABC, 123
This is highlighted by new research from online security firm SplashData, which recently revealed its annual list of most common passwords. The top 10 passwords were: 123456, password, 12345678, qwerty, abc123, 123456789, 111111, 1234567, iloveyou and adobe123.
That awkward moment when you recognise your password among the above
These findings by SplashData are similar to previous research by computer security consultant Mark Burnett, who analysed 6,000,000 unique username/password combinations that have been leaked onto the internet following hacking attempts.
In fact, poor password security is as old as passwords themselves. Not even the mighty US military is immune – it has recently been revealed that for 20 years during the Cold War, the launch code for US nuclear missiles was 00000000.
Someone could have punched that in by accident and blown us back to the Stone Age!
“If you’re not using unique, strong passwords for each website you log into, you’re just asking to be defrauded. Strong passwords are at least 12 characters in length and contain a mix of letters, numbers and symbols, preferably in both upper and lower case,” Clouston warns.
…or like you’ve probably already seen on Twitter, “Your password must contain an uppercase letter, an emoticon, a haiku, a gang sign, a hieroglyph and the blood of a unicorn”
“When setting passwords, don’t ever use your name, date of birth, home address or any of those things that are easily attributable to you personally,” Clouston adds.
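The advice quoted above can be turned into an automated check. The Python below is an example added to this article, not code from MOGOplus or SplashData; the function name, the finding messages and the substring rule for common passwords are assumptions that go a little beyond the quoted criteria.

```python
import re

# The ten most common passwords quoted in the article (SplashData list).
COMMON = ["123456", "password", "12345678", "qwerty", "abc123",
          "123456789", "111111", "1234567", "iloveyou", "adobe123"]

# Character classes from the quoted advice; "symbol" here means anything
# that is not an ASCII letter or digit (a simplifying assumption).
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"[0-9]",
    "symbol": r"[^A-Za-z0-9]",
}


def _tokens(fact):
    """Split a personal fact into lowercase alphanumeric pieces of 3+ chars."""
    return [t for t in re.split(r"[^a-z0-9]+", fact.lower()) if len(t) >= 3]


def audit_password(password, personal_facts=(), passwords_in_use=()):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    lowered = password.lower()

    if len(password) < 12:
        findings.append("shorter than 12 characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            findings.append(f"no {name}")

    # Assumption beyond the quoted advice: a listed password used as a
    # building block ("Password123456!") is flagged, not only exact matches.
    if any(common in lowered for common in COMMON):
        findings.append("built on a listed common password")

    # Name, date of birth, address: compare with separators stripped so
    # "Jane.Doe" still matches the fact "Jane Doe".
    squashed = re.sub(r"[^a-z0-9]", "", lowered)
    for fact in personal_facts:
        if any(token in squashed for token in _tokens(fact)):
            findings.append(f"contains personal detail from '{fact}'")

    # "Unique ... for each website": reject reuse of a password already held.
    if password in passwords_in_use:
        findings.append("already used on another site")
    return findings
```

A constructed input such as `Password123456!` meets the length and character-mix rules yet is still flagged, because it is assembled from two entries on the common-password list.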
Moving on from the traditional password
An industry working group dubbed FIDO, which includes representatives from Google, PayPal, Microsoft and MasterCard among others, is working to develop new standards for authentication that do not use traditional passwords.
In fact, one of the biggest trends of the recent Consumer Electronics Show in Las Vegas in January was the effort to kill the password. Innovations on display included:
- Fujitsu PulseWallet, which scans the unique pattern of veins on your hand
- Bionym, which lets you use your heartbeat as a password
- EyeLock iris scanning software, which recognises users by their eyes
The heartbeat, vein and eye scanner tech from CES, coupled with what we’re already seeing with the iPhone fingerprint sensor, shows that the humble password’s days are numbered.
We’ll soon be accessing things like the people in sci-fi movies do!