SplashData Releases List of ‘Worst Passwords of 2018’
Hikvision Recommends Changing Default Passwords, Outlines 6 Steps to Reduce Threat of Password Hack
Password management application provider SplashData released its eighth annual "worst passwords" list for 2018, in which it evaluated millions of leaked passwords and determined those used most frequently, in the hope that the list will encourage users to protect themselves online, according to an article in Security magazine.
From the article: “After evaluating more than 5 million passwords leaked on the Internet, the company found that computer users continue using the same predictable, easily guessable passwords. Using these passwords will put anyone at substantial risk of being hacked and having their identities stolen.”
SplashData’s top five worst passwords for 2018 are:
- 123456
- password
- 123456789
- 12345678
- 12345
“Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations,” said SplashData CEO, Morgan Slain, in the article.
Changing Default Passwords
In a previous blog, “California One of First U.S. States that Banned Use of Default Passwords for IoT Devices,” Hikvision’s cybersecurity director, Chuck Davis, said this about default passwords: “Defaults are really bad. Hackers love to focus on defaults because they realize a lot of people don’t change defaults, whether it’s default passwords or ports or different configurations. So, always make sure you’re changing those defaults.”
That blog detailed a new law passed by the California legislature that banned default passwords for all IoT devices in the U.S., including smart home security equipment. “The bill aims to improve security for the vast number of consumers who do not change default passwords — such as ‘123,’ ‘password’ or ‘admin’ — that come with new devices,” according to the Security Sales & Integration article referenced.
Below, Davis offers six tips to create complex and hard-to-hack passwords.
Six Steps to Improve Passwords
In the HikWire blog, “Hikvision Cybersecurity Director Offers Six Steps to Reduce the Threat of Password Hack,” Davis outlined the following six tips to improve passwords:
- Create a long, strong password: Develop a strong password, which includes multiple character sets such as uppercase and lowercase letters, numbers and special characters. Make it long—eight characters or more. Davis added: the longer the password, the better.
- Change default passwords: It’s critically important to change default passwords on all devices, and set a complex password (see tip number one).
- Use a password management tool: As you create more complex passwords that differ from site to site, you may find it difficult to remember them. A best practice is to use a “password management tool,” which can help you generate and retrieve complex passwords.
- Where possible, enable the lock-out feature: Enable the password lock-out feature after a certain number of invalid login attempts, and receive notifications of those attempts. This prevents brute-force password attacks.
- Where possible, enable multi-factor authentication (MFA): Enable MFA, especially where you have only a username and password protecting sensitive data. Many sites support MFA, but not many people are aware that they have the option to enable it. The following site lists popular sites and shows how to enable MFA on them: https://twofactorauth.org/
- Assign unique, individual usernames: Ensure individual accountability by assigning everyone their own unique username and password, with no sharing of accounts allowed.