Worst Passwords List Shows No Improvement over Previous Years
Recently, the Worst Passwords list for 2015 was released, once again revealing that the most commonly used passwords are “12345” and the word “password.” While there were some longer passwords on the list, like “1234567890,” and some that included both characters and numerals, like “passw0rd,” the list shows more clearly than ever that users are keeping up their bad habits of poor cyber hygiene and that the most common passwords have not changed.
Hackers not only love this but also take full advantage of these everyday users: gaining access to these credentials is simple and easy, and they make money in the process. When users choose common, well-known passwords, they set a clear path for hackers by reducing access to a guessing game.
Once hackers have access to an account and its credentials, a user's identity, credit card information, and even home address are all at risk and easy to take advantage of.
A recent hack on Sony revealed that the company had stored over one thousand company and personal passwords in a folder labeled ‘Password’. This notable Sony hack, along with the many others seen in this last year alone, shows that it is not only consumers who use simple, easy-to-remember passwords out of a need for convenience. It is now known that enterprises across the country may be leaving their databases open and completely vulnerable to a quick and easy breach.
So what is the real cost for companies that are not addressing this? At the end of the day, enterprises that get breached not only suffer financially but also take a major hit to their reputation and brand and, especially, lose customers.
The popularity of easy-to-remember credentials such as “12345” shows that customers prize simplicity. Companies selling to consumers are often hesitant to adopt strong security solutions, simply because they don’t want to make their login processes too complicated, out of fear that this will only lead to customer loss, low usage, and disengagement.
For enterprises, it comes down to the very large challenge of balancing security, convenience and even cost. Easy access is highly valued by active consumers, whose lives are hectic. It is clear that the companies that serve them are also choosing convenience over security. Consumers will continue, just as they have in the past, to use simple, easy-to-remember passwords, leaving themselves vulnerable.
So, what can companies do to protect themselves and their customers? Enterprises need a solution that not only deploys an MFA strategy, but also moves the authentication flow away from the malicious actors and vulnerabilities that exist.
This solution should allow for shared credentials that are obfuscated from the user's knowledge, so that intentional or unintentional misuse or loss is prevented. It should also provide auditing at the user level to meet compliance and regulatory policies, all while making it simple and easy for users to access their applications and sites.
Consumers tend to equate secure with complicated. However, with today’s next-generation out-of-band MFA solutions, consumers and enterprises can have the convenience they desire and the security they need. This way, users can rest easy knowing that their personal data is not at risk.