One of the things that often goes hand-in-hand with the countless hacks and data leaks we’ve written about in the past, and which continues to dominate cybersecurity news headlines, is the frequency with which people keep making the same dumb password-related mistakes over and over again.
One of the most egregious mistakes that people make, and the reason so many people’s account credentials end up being found in the hands of hackers (as sites like Have I Been Pwned reveal), is the re-use of passwords across multiple accounts. According to a new survey from the UK’s National Cyber Security Centre (NCSC), another involves people using their pet’s name as an account password.
Millions of British people are actually doing this, according to a BBC summary of the survey’s findings. And, it should go without saying, this is obviously a pretty shoddy password choice, since a pet name is something a hacker could easily guess or find out. “We may be a nation of animal lovers,” NCSC communications director Nicola Hudson told the BBC, “but using your pet’s name as a password could make you an easy target for callous cyber-criminals.”
The NCSC survey, meanwhile, doesn’t stop there, because people’s terrible password choices extend well beyond Fido and Senator Buttons. Also identified in the survey:
- 14% of people said they use some form of a family member’s name as a password;
- 13% pick a notable date of some kind;
- And 6% make another of the most egregious password mistakes (using “password” in some form, as their, erm, password).
Roughly 40% of the survey respondents said they had never chosen a password that would be as easy to guess as one of the previous choices. Meanwhile, some of the additional dumb password options that people in this survey copped to include passwords connected to a favorite sports team or TV show, or a string of obvious numbers like “123456.”
Along those same lines, we noted in a recent post just how often people use embarrassingly obvious numerical passwords that even a child could guess. As we noted in that post, you can probably guess some of the top three worst iPhone passcodes that users often default to when they can’t be bothered to think of a hard choice: in order, the worst option is “1234,” followed by “1111” and then “0000.” (Mind you, these are all four-character passcode options, but you should definitely take advantage of your phone giving you the option to choose a longer passcode to lock your device.)
Best practices that the NCSC recommends include picking random words to string together as a password, along with adding in special characters like an exclamation point. Perhaps even more important is creating a separate, unique, and strong password for your email account, since email is often what’s used to reset passwords that you have elsewhere.
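A signup-time check for the guessable choices the survey lists, next to a random-word generator in the spirit of the NCSC advice, as an added example that is not code from the NCSC or this article. The word list, the personal terms and all function names are constructed for illustration.

```python
import re
import secrets

# Constructed sample list; a real deployment would load thousands of words
# so that each randomly chosen word adds meaningful entropy.
WORDS = ["coffee", "train", "fish", "lantern", "marble", "orbit", "pepper",
         "quilt", "river", "saddle", "tundra", "velvet", "walnut", "zephyr"]
SPECIALS = "!?#%&*"
OBVIOUS = {"password", "123456", "1234", "1111", "0000"}
DATE_RE = re.compile(r"\d{1,2}[/.-]?\d{1,2}[/.-]?(\d{4}|\d{2})")
# Undo common character swaps such as "P@ssw0rd" before comparing.
SWAPS = str.maketrans("013457@$!", "oieastasi")


def normalise(text):
    """Lower-case, reverse common character swaps, keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SWAPS))


def weakness(candidate, personal_terms):
    """Return why a candidate is guessable, or None if no rule fires."""
    flat = normalise(candidate)
    if candidate.lower() in OBVIOUS or "password" in flat:
        return "obvious"
    if candidate.isdigit() or DATE_RE.fullmatch(candidate):
        return "digits-or-date"
    # personal_terms: pet, family or team names the service knows about.
    for term in personal_terms:
        needle = normalise(term)
        if len(needle) >= 3 and needle in flat:
            return "personal"
    return None


def random_word_passphrase(n_words=3):
    """Join randomly chosen words and append one special character."""
    words = [secrets.choice(WORDS) for _ in range(n_words)]
    return "-".join(words) + secrets.choice(SPECIALS)


if __name__ == "__main__":
    for pw in ["Fido2021!", "P@ssw0rd1", "14/02/1990", random_word_passphrase()]:
        print(pw, "->", weakness(pw, ["Fido", "Alice"]))
```

Passing this check does not make a password strong; it only rejects the categories named above, and it says nothing about reuse across accounts.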