Believe it or not, the most common password turns out to be the word “password”. Ranked #2 is “123456”. It does not take much thought to see that people who use these types of passwords are simply asking for problems.
When hackers want to make their way into an online account, they use huge lists of known passwords, because they understand basic human nature. Even though an individual might not leave their car or house keys out in the open for someone to take, using a simple, common password is no different than offering a thief exactly what they wish to steal.
Although online users might believe they are clever in using a simple password, hackers can easily get into accounts and websites by trying easy-to-guess words, phrases and alphanumeric patterns. Some of the most commonly used passwords include “monkey”, “letmein” and “trustno1” (a tip of the hat to the familiar expression from The X-Files – “Trust No One”).
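A site can apply the same known-password lists defensively, rejecting a listed password when it is chosen. The sketch below is an added example, not code from the original article; the list holds only the passwords named above, and the substitution table and suffix stripping are assumptions about which trivial variations to catch.

```python
import unicodedata

# Constructed sample list: only the passwords named in the article. A real
# deployment would load a far larger list of known passwords.
COMMON_PASSWORDS = {"password", "123456", "monkey", "letmein", "trustno1"}

# Assumed substitution table for common "disguises" (p@ssw0rd -> password).
LEET = str.maketrans("013457@$", "oieastas")

# Compare in a folded form so "trustno1" and "trustnoi" are the same entry.
DENYLIST = {p.translate(LEET) for p in COMMON_PASSWORDS}

PUNCT = "!@#$%^&*?._-"
DIGITS = "0123456789"


def variants(password):
    """Return the normalized forms of a password that are checked against the list."""
    # NFKC folds look-alike forms (for example full-width letters) to plain ones.
    base = unicodedata.normalize("NFKC", password).strip().lower()
    no_punct = base.rstrip(PUNCT)        # "letmein!"  -> "letmein"
    no_suffix = no_punct.rstrip(DIGITS)  # "monkey123" -> "monkey"
    return {v.translate(LEET) for v in (base, no_punct, no_suffix) if v}


def is_common_password(password):
    """True if the password, or a trivial variation of it, is on the list."""
    return not variants(password).isdisjoint(DENYLIST)


def screen(password):
    """Return (accepted, reason) for a password chosen at sign-up or reset."""
    if is_common_password(password):
        return False, "matches a commonly used password"
    return True, "not on the common-password list"


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Trustno1!", "P@ssw0rd", "monkey123", "violet-kettle-orbit-94"):
        print(candidate, screen(candidate))
```

Passing this check only shows that a password is not a listed one or a simple variation of it; it says nothing about reuse across accounts.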
An Individual and Business Problem
Even large companies have to deal with hackers making their way into their websites and accounts. Banks have had to deal with the problem. Large online merchandise websites and even Wall Street have all been hacked in recent years. While these large companies seem to be so prone to hacking, a break-in to an individual user’s account often goes unnoticed. Typically, large companies’ hacking issues become public and often garner worldwide attention, while an individual can have their financial world quickly collapse, or have their personal information stolen, all out of the public eye.
A Governmental and Business Problem
To make matters worse, many federal, state and local government employees and managers use simplistic passwords for their government business accounts. This can pose an increased threat to many governmental agencies. These agencies, along with many large utility companies, water companies and other industries that affect every citizen in the nation, reuse identical passwords across their IT platforms, which allows hackers and cyber criminals complete access to the individual’s entire online structure.
The sure way of improving this situation is to use multi-factor authentication to protect the individual’s or business’s non-trivial assets. However, even this has its challenges. Although an added layer of authentication does provide an extra level of safeguarding, it can only be effective if the default administration password is not used and any "backdoor" passwords are not easily guessable. Either weakness could allow a hacker, attacker or cybercriminal instant, easy access through the perimeter-, application- or network-level security controls.
Weak authentication mechanisms have been known to cause breaches in a variety of systems, including those of the payment processing industry. When these passwords are bypassed, cardholder data can be exposed to those who would abuse or sell the information. The exploitation of weak passwords has become a severe, endemic issue in both the hospitality and retail industries, leaving consumers’ information exposed to anyone with online access.
With today’s availability and portability of two-factor authentication systems, there is simply no longer any excuse for relying on simple passwords. A simple or short phrase password has too many significant weaknesses, including the human factor.