Diamond IT Blog

46% of Australians are Using Weak Passwords - Are You?

Written by Hannah Donnelly | April 30, 2024

World Password Day. A day that, unfortunately, we continue to promote as a reminder of the importance of password security.

Despite advancements in technology and the growing volume of information aimed at improving public awareness, many individuals continue to practise poor password hygiene, leaving their personal and professional data vulnerable to cyber threats.

With research conducted by YouGov on behalf of Telstra showing that almost half (46 per cent) of Australians admit to using easy-to-guess passwords, it is more important than ever for business leaders to lead from the front with employee education, cyber security processes and systems to protect their organisation.

Poor Password Practices

Password Reuse: Many people use the same password across multiple accounts, such as email, social media, and online banking. This practice increases vulnerability to widespread breaches, as compromising one account can lead to unauthorised access to others.

Inclusion of Personal Information: Many people incorporate personal details such as birthdates, names of family members, or pet names into their passwords. This approach makes passwords predictable and susceptible to targeted attacks based on known information about the individual.

Infrequent Password Updates: Failure to change passwords regularly leaves accounts vulnerable to exploitation over extended periods. Without regular updates, compromised passwords may remain valid for long periods, increasing the risk of unauthorised access.

Lack of Multi-Factor Authentication (MFA): Despite being a highly effective security measure, many Australian businesses have not enabled MFA on their accounts. This oversight leaves accounts more susceptible to unauthorised access, as cybercriminals only need to overcome a single barrier to entry.

Poor Password Management in the Workplace: Within organisations, employees may share passwords, use default credentials, or store them insecurely. Such practices create vulnerabilities within systems, potentially leading to data breaches or unauthorised access to sensitive information.

Use of Weak Passwords: Some individuals opt for simple, easy-to-guess passwords, like "123456" or "password." Such choices are easily exploited by cybercriminals using automated tools to crack passwords.

Australia’s most common passwords

Global password manager NordPass trawled 10.9 terabytes of publicly available databases, including those on the dark web that are used by cybercriminals to infiltrate and steal identities. From their findings, here are the top 10 most common passwords in Australia, and the time it would take for a hacker to guess them.

  1. Banned — 2 minutes to crack
  2. 123456 — less than a second to crack
  3. Admin — less than a second to crack
  4. password — less than a second to crack
  5. 1234 — less than a second to crack
  6. qwerty123 — less than a second to crack
  7. 12qwasZX — less than a second to crack
  8. 12345 — less than a second to crack
  9. 12345678 — less than a second to crack
  10. 1qwerty — less than a second to crack

5 Password Security Basics

  1. The longer the better: At a minimum, you should have 8 characters in your password; however, we recommend 12 or more.
  2. Complexity: Adding numbers and characters greatly increases the strength of a password, as does a combination of lower and upper case letters.
  3. Avoid repetition: Try to avoid creating a complex password, and then incrementing it by one character each time you’re asked to change it. And remember - it is essential not to use the same password across multiple devices and systems. This is where the use of a password manager program can come in handy.
  4. Avoid obvious words/phrases: It concerns us that we still have to say it, but don't create passwords using obvious phrases like "Password1", "QWERTY", "asdfjkl", "abc123". Dictionary-based brute-force attacks start with these obvious phrases.
  5. Don’t write it down: Don’t record your password anywhere, especially not on a post-it note on your desk!
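
For teams that enforce these basics at sign-up or password change, the following Python check is an added example (not Diamond IT, NordPass or ACSC code) covering basics 1 to 4 and the personal-information point above. The function names, the three-of-four character-class threshold and the trailing-character comparison used to spot incremented passwords are assumptions made for illustration.

```python
import re

# Deny-list built only from the passwords this page names (top-10 list and
# "obvious phrases"); a production list would be far larger.
COMMON = {"banned", "123456", "admin", "password", "1234", "qwerty123",
          "12qwaszx", "12345", "12345678", "1qwerty", "password1",
          "qwerty", "asdfjkl", "abc123"}
MIN_LEN, RECOMMENDED_LEN = 8, 12          # figures from basic 1
CLASSES = [r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]|_"]


def _stem(pw):
    """Lower-case and drop trailing digits/symbols: 'Harbour!7' -> 'harbour'."""
    return re.sub(r"[\d\W_]+$", "", pw.lower())


def check_password(candidate, previous=(), personal=()):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    low, stem = candidate.lower(), _stem(candidate)
    if len(candidate) < MIN_LEN:
        findings.append("too short")
    elif len(candidate) < RECOMMENDED_LEN:
        findings.append("below recommended length")
    # Catches the listed password and the same word with a suffix bolted on.
    if low in COMMON or stem in COMMON:
        findings.append("common password")
    # Assumed threshold: at least three of lower, upper, digit, symbol.
    if sum(bool(re.search(c, candidate)) for c in CLASSES) < 3:
        findings.append("low complexity")
    # Basic 3: same password, or an old one with only its ending changed.
    if any(candidate == old or (stem and stem == _stem(old)) for old in previous):
        findings.append("reused or incremented")
    # Personal details (names, pets, birth years) supplied by the caller.
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        findings.append("contains personal information")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    for pw in ("Password1", "Quiet-Tram-Orbits-9pm"):
        print(pw, check_password(pw))
```

In practice `previous` would be checked at change time while the user supplies the old password, since properly hashed password history cannot be compared for similarity.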

The Australian Cyber Security Centre (ACSC) advises that passphrases are most effective when they are:

  1. Unique – not a famous phrase or lyric, and not re-used.
  2. Longer – phrases are generally longer than words.
  3. Complex – naturally occurring in a sentence with uppercase, symbols and punctuation.
  4. Easy to remember – saves you being locked out.
  5. Used with multi-factor authentication.

Use a Password Manager

At the end of the day, remembering multiple passwords can be tricky, particularly when it is recommended to change them frequently. A password manager is a program that takes away the pain of remembering your passwords by generating and remembering secure passwords for you. This software can be installed on your computer, smartphone or tablet, and some password managers will even sync across your devices.

So, this World Password Day 2024, let's commit to levelling up our password game and keeping our personal and digital data safe.

How can Diamond IT help?

If you want to educate your employees on how to create and maintain secure passwords, our staff education programs and policy and procedure reviews can help. Our Business Technology Consultants are specialists in improving your internal cyber security.

If you need advice on how you can ensure your cyber security strategy is fit for purpose, our team of cyber security experts are ready to help. Contact our team on 1300 307 907 today.