If you haven’t already checked out the list of “Worst Passwords” released by SplashData earlier this week, you may want to—and soon.
Each year, the company publishes a list of the riskiest passwords, which frighteningly, are also the most common. In an age where we all have countless passwords to keep track of, and more and more of our business continuity depends on the security of our data, it’s more important than ever to make sure we’re not leaving ourselves fully exposed to the risk of having our accounts compromised.
Educate your customers
As an IT service provider, you know the best practices for creating secure passwords. But, do your customers?
It might be time for a gentle reminder that “password1” as a password just won’t cut it anymore. While choosing an obvious phrase makes it easy to remember, it also makes it easier to guess. And there’s nothing easy about regaining control over compromised data.
The worst of the worst
According to SplashData’s fourth annual report, “123456”and “password” continue to hold the top two spots, which they have held each year since the first list was released in 2011. Yikes.
Below is the list of the top 25 most common (and worst) for your easy reference. Share this with your mother, your brother, your colleagues, and most importantly, your clients. If you see a password you’re currently using, go ahead and take a break now for a password change.
- password 12345
Other common mistakes to avoid
SplashData’s CEO gives an overarching piece of advice: “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
A few other key tips that the company has given include the following best practices:
- Users should avoid a sequence such as "qwertyuiop," which is the top row of letters on a standard keyboard, or "1qaz2wsx," which comprises the first two 'columns' of numbers and letters on a keyboard.
- Don't use a favorite sport as your password. "Baseball" and "football" are in top 10, and "hockey," "soccer" and "golfer" are in the top 100. Don't use a favorite team either, as "yankees," "eagles," "steelers," "rangers," and "lakers" are all in the top 100.
- Don't use your birthday or especially just your birth year. 1989, 1990, 1991, and 1992 are all in the top 100.
- While baby name books are popular for naming children, don't use them as sources for picking passwords. Common names such as "michael," "jennifer," "thomas," "jordan," "hunter," "michelle," "charlie," "andrew," and "daniel" are all in the top 50.
- You may also want to stay away from swear words and phrases, hobbies, famous athletes, car brands, and film names, which are all widely used passwords as well
The Department of Homeland Security reminded us last Cyber Security Awareness month that a critical step in protecting ourselves (not to mention your customers) is to set strong passwords, change them regularly, and don’t share them with anyone. And, MSPmentor recently published some tips for strong, secure passwords that are also worth passing along.
Threats are everywhere online, and they don’t discriminate between small businesses, government agencies, or individuals when plotting their next attacks. Lucky for your customers, Intronis takes steps to secure our cloud against outside threats. However, know that MSPs and their customers have accounts that we don’t control. And since we’re all in the business of keeping small businesses safely and securely up and running, it’s important to take time to make these reminders. So, go ahead and let your customers know you “have their back.” Share these tips with them today!