A new report from NordPass detailed the most-used passwords of 2020, and its research shows that many people still choose easy-to-crack passwords such as “123456789,” the word “password,” or “iloveyou.”
In total, the researchers analyzed a database of 275,699,516 passwords; of the 200 worst passwords, “123456” was the most commonly used in 2020, chosen by 2,543,285 people. The research also shows that it takes less than a second to crack these basic passwords.
Comparing NordPass’ totals to 2019, not much has changed, with little to no difference in the most common passwords, signaling that enterprise security professionals could step up education and training for employees so that they safeguard accounts with more sophisticated and secure passwords both in and out of the office.
“Hostile cyber actors are not sheltering in place -- very much the contrary. To remediate incidents involving user credentials and respond to adversaries, organizations must move fast and consider an approach that is closely aligned with monitoring user behavior - to provide the necessary visibility needed to restore trust, and react in real time, to protect user accounts. This should include the ability to detect, using behavioral characteristics, when abnormal events have occurred,” said Grant McCormick, CIO of Exabeam.
In addition, Jeff Hussey, CEO of Tempered, advised enterprises to go a step further. “For years, the traditional tools to prevent credential-based attacks have been firewalls, password policy, URL filtering, and 2-factor authentication. These technologies continue to play a role, but they remain susceptible to attacks and are challenging to manage at scale. It’s important to understand that there’s now another option: invisibility. In simple terms, hackers can’t hack what they can’t see. So, instead of the costly and complex process of installing even more locks on the doors to your network, you can now make your network invisible to these bad actors. You start with cryptographic identities and zero-trust at the network level, along with multi-factor authentication (MFA) to decide who gets to see which endpoints. Then it’s no longer a matter of determining which vulnerable endpoints need to be secured, because no endpoints are visible, much less vulnerable to hackers.”