Cyber criminals are becoming smarter and more sophisticated in how they steal money and personal details online, and while many people are wising up to these tricks, it seems the passwords some people pick for their online accounts are letting them down.
The UK’s National Cyber Security Centre (NCSC) and web security expert Troy Hunt recently released a list of the most common passwords found in online data breaches. According to the NCSC, the password ‘123456’ alone was found 23 million times in the breaches Hunt collected.
‘Qwerty’ and ‘password’ were also high on the list, while phrases such as ‘iloveyou’, ‘computer’, ‘princess’ and ‘f***you’ were also among the most common.
Another common trend was company or brand names such as ‘samsung’, ‘linkedin’ and ‘apple’, while other people used names of bands, sports, foods and partners or loved ones.
It follows a 2018 report carried out by Virginia Tech University and security firm Dashlane which analysed 61 million leaked passwords. The results of that report were similar and found 52 per cent of people reuse the same password across multiple accounts – making it easier for scammers to steal personal information.
That study also found that many people use ‘password walking’ to set their passwords, which refers to the use of a series of characters which appear close to each other on the keyboard, such as ‘qwerty’ or ‘123456’.
Stay Smart Online, which is part of the Australian Cyber Security Centre, says hackers can use automated software to guess as many as 350 billion passwords per second. If they succeed, hackers can send messages from your personal accounts, use your bank details to obtain money, change personal files on your computer and even steal identities.
A strong password includes at least 13 characters and four words. Passwords should avoid personal information, street addresses, repeated characters or passwords that have been used in the past. Equally, passwords need to be changed regularly, with Stay Smart Online recommending a change at least once a month.
For accounts containing information about banking, online payments or personal information, opt for unique and more complex passwords. Accounts that contain little confidential information can use less complex passwords, but it’s always important to take online safety seriously.
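The checks described above (common breached passwords, ‘password walking’, the 13-character and four-word minimums, repeated characters) can be applied automatically. The following is an added example, not part of the original article; the US QWERTY layout, the four-key walk threshold, the three-in-a-row repeat threshold and counting words by separators are assumptions of this example.

```python
import re

# Passwords the article names as common in breach data (a sample, not a full list).
COMMON = {"123456", "qwerty", "password", "iloveyou", "computer",
          "princess", "samsung", "linkedin", "apple"}

# Keyboard rows for spotting "password walking" (assumption: US QWERTY layout).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_WALK = 4  # assumed threshold; the article gives no number


def longest_walk(pw):
    """Length of the longest run of keys that sit side by side on one row."""
    s = pw.lower()
    best = run = 1 if s else 0
    for a, b in zip(s, s[1:]):
        # Adjacent in either direction, e.g. "qw" or "wq".
        adjacent = any(a + b in row or b + a in row for row in ROWS)
        run = run + 1 if adjacent else 1
        best = max(best, run)
    return best


def check_password(pw):
    """Return the list of problems found, measured against the article's guidance."""
    problems = []
    if pw.lower() in COMMON:
        problems.append("appears in common breached-password lists")
    if len(pw) < 13:
        problems.append("shorter than 13 characters")
    # Assumption: words are runs of letters split by spaces, digits or symbols,
    # so a passphrase typed without separators counts as a single word.
    words = [w for w in re.split(r"[^A-Za-z]+", pw) if len(w) >= 2]
    if len(words) < 4:
        problems.append("fewer than four words")
    if longest_walk(pw) >= MIN_WALK:
        problems.append("contains a keyboard walk")
    if re.search(r"(.)\1\1", pw):  # assumed: same character three times in a row
        problems.append("contains repeated characters")
    return problems


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for sample in ("123456", "qwerty", "Summer-Holiday-2019",
                   "maple-tractor-violin-cloud"):
        print(repr(sample), check_password(sample) or "ok")
```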
Figures released by the Australian Competition and Consumer Commission (ACCC) last month showed Australians lost $489 million to cybercrime in 2018 – up $149 million from the previous year.
Investment scams accounted for a recorded loss of $86 million, while dating and romance scams cost Aussies $60.5 million.