If you guessed that they are some of the worst passwords used in 2015, you would be correct! The 2015 annual list of the worst passwords used by individuals was released, and coming in at #1 again this year is "123456". Coming in at #2 was everyone's favorite: "password". The shame of it is that, according to SplashData, both held exactly the same positions in 2014. Amazing!
We often look at Information Security as driven by technology, which is largely true. However, you can have all the latest and greatest technology in the world implemented in your organization, but if your users have passwords of 123456 and password, that technology probably isn't going to matter much in the grand scheme of things. It has been said that people remain the weakest link in an organization's Information Security Program, which is true for many reasons, but the use (or lack thereof) of appropriate, challenging passwords has to be one of the most obvious instances. For further evidence, let's look at the entire list of the 25 worst passwords of 2015 in order:
If we look at this list a little closer, particularly the top 10 worst passwords of 2015, 60% of these are just numbers. No special characters. No letters. No punctuation. Just numbers. A six-digit, all-numeric password has only one million possible values, so an offline brute-force attack exhausts it in well under a second. Worse, attackers don't even need brute force for these: the exact strings on this list sit at the top of every password wordlist, so a password-spraying or credential-stuffing attack will land on them within the first handful of guesses. It's just too easy!
That's the bad news. The good news is that this can be fixed through a variety of different tactics. First, have your employees, all of them, go through Security Awareness Training at least annually. Second, refresh this material at quarterly meetings or through company newsletters. Third, have a strong Password Policy that requires frequent changes and combinations of lowercase letters, uppercase letters, numbers, and special characters; and, because users will satisfy composition rules with predictable tweaks like "P@ssw0rd1!", also reject any password that matches a known common-password list at the time it is set. Your employees may hate you for this, but at least your organization's information will be a little more secure. Fourth and finally, "test" your employees through Social Engineering Assessments to see what passwords they use, where they store those passwords, and how easy it might be to guess or find their passwords.
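Here is what such a policy check looks like in code. This is an added example and not code from the original post or from SplashData; the 12-character minimum, the four-class composition rule, and the contents of the sample blocklist (the two passwords the post names plus a few more chosen for illustration) are assumptions made for this demonstration. It screens the password, and trivially disguised forms of it, against the blocklist, applies the composition rules the post describes, and reports the size of the search space an attacker would face, which makes the point about all-numeric passwords concrete.

```python
"""Password policy check: common-password screen plus composition rules.

Added example, not from the original post. The thresholds and the blocklist
contents below are assumptions made for this demonstration.
"""
import re
import string

# Constructed sample blocklist: the two passwords the post names (123456 and
# password) plus a few other entries chosen for this example. A real deployment
# would load a full list (a published worst-passwords list or a breached-
# password corpus) instead of this hard-coded set.
COMMON_PASSWORDS = {
    "123456", "password", "12345678", "qwerty", "12345", "letmein", "welcome",
}

# Substitutions users make to satisfy composition rules while keeping a
# dictionary word; undone before the blocklist lookup so P@ssw0rd matches.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "!": "i"})

MIN_LENGTH = 12                      # assumed minimum for this example
SPECIALS = set(string.punctuation)   # printable ASCII punctuation only


def candidate_forms(password):
    """Variants of the password that are compared against the blocklist."""
    lower = password.lower()
    forms = {lower, lower.translate(LEET)}
    # Strip a trailing run of digits/punctuation ("password1!" -> "password").
    stripped = re.sub(r"[\d\W_]+$", "", lower)
    if stripped:
        forms.update({stripped, stripped.translate(LEET)})
    return forms


def is_common(password):
    """True if the password, or a trivially disguised form of it, is listed."""
    return any(form in COMMON_PASSWORDS for form in candidate_forms(password))


def composition_issues(password):
    """Return the composition rules from the post that the password fails."""
    issues = []
    if len(password) < MIN_LENGTH:
        issues.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.islower() for c in password):
        issues.append("no lowercase letter")
    if not any(c.isupper() for c in password):
        issues.append("no uppercase letter")
    if not any(c.isdigit() for c in password):
        issues.append("no digit")
    if not any(c in SPECIALS for c in password):
        issues.append("no special character")
    return issues


def guess_space(password):
    """Upper bound on guesses for an exhaustive search over the classes used.

    An all-digit password of length n has only 10**n candidates, which is why
    the numeric entries on the worst-passwords list are trivial to crack.
    """
    alphabet = 0
    if any(c.isdigit() for c in password):
        alphabet += 10
    if any(c.islower() for c in password):
        alphabet += 26
    if any(c.isupper() for c in password):
        alphabet += 26
    if any(c in SPECIALS for c in password):
        alphabet += len(SPECIALS)
    return alphabet ** len(password)


def check_password(password):
    """Combine the blocklist screen and the composition rules into one verdict."""
    issues = []
    if is_common(password):
        issues.append("on the common-password list")
    issues.extend(composition_issues(password))
    return {"ok": not issues, "issues": issues,
            "guess_space": guess_space(password)}


if __name__ == "__main__":
    for pw in ["123456", "password", "P@ssw0rd1!", "Tr0ub4dor&3xyz"]:
        print(pw, check_password(pw))
```

The blocklist lookup is the part that composition rules alone cannot give you: "P@ssw0rd1!" satisfies every class requirement yet normalizes straight back to "password", while an all-numeric "123456" fails both checks and has a search space of just one million guesses.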
For some tips and best practices, and in some cases what not to do, download our Best Password Tips Checklist. Print it out, give it to your staff, and build a culture of security in your company!