‘Bigbasket’, ‘12345’ and ‘12345678’ were among the most popular passwords in use in India from 2019 to 2021, according to a report by NordPass, a password management solution from German cyber security company Nord Security.
Researchers at NordPass pointed out that when popular films and series are released, people start using their names as passwords. Batman, Euphoria and Encanto, some of the most popular releases of 2021/2022, are examples: globally, people used ‘batman’ 2,562,776 times, ‘euphoria’ 53,993 times and ‘encanto’ 10,808 times as passwords.
Although such passwords are easy to remember, using them is a terrible practice, as they are far too easy to hack.
Here are some cyber hygiene tips for proper password use.
Never reuse passwords: Passwords should ideally differ between apps and websites. That being said, most people struggle to remember passwords and therefore choose common ones that are easy to remember. Not only that, they also tend to repeat the same password across accounts.
According to a Google cybersecurity report, 75 percent of all Americans struggled to remember their passwords, and at least 65 percent reused their passwords across multiple accounts and devices.
Antoine Korulski and Adi Goldshtein Harel, security researchers at Check Point, an Israeli cybersecurity company, wrote in a blog post that “even though most of the population understands the risks and knows not to reuse passwords, most of us continue to reuse passwords for both businesses and personal accounts”.
Password managers help, but only to a certain extent: Password managers such as Google Password Manager, Intel True Key and Microsoft Authenticator, among others, are popular among users.
Researchers at Check Point said people use password managers because they help them store their passwords, but these managers can themselves be hacked.
In August 2022, LastPass, a password management solution, was hacked for the second time, and LastPass management said the bad actor had internal access to its systems for approximately four days.
Karim Toubba, CEO, LastPass, told Engadget that “they (hackers) were able to steal some of the password manager’s source code and technical information, but their access was limited to the service’s development environment, which was not connected to customers’ data and encrypted vaults.”
Think twice before saving passwords and credentials on websites: When people create a new account on a website or app, they often save the password, or at least the login email address, because it is offered as the default option.
Check Point researchers noted that as soon as cybercriminals understood that there is huge business potential here, “they began to focus their efforts on hacking various websites and services that are not of great value in themselves, but are lucrative because of the user credentials they contain.”
The password storage guidelines of the National Institute of Standards and Technology (NIST), part of the US Department of Commerce, require passwords to be salted with at least 32 bits of random data and then hashed with a one-way key derivation function. But most websites do not adhere to this guideline and store users’ passwords in plain text, Check Point researchers noted.
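As an added illustration of the storage scheme the paragraph describes (example code written for this article, not from NIST or Check Point), the following Python contrasts per-user salted hashing with a one-way key derivation function against the plain-text storage the researchers warn about; the salt length and iteration count are this example's own choices:

```python
import hashlib
import hmac
import os
from typing import Callable, Optional

# Added example: NIST-style password storage (random salt of at least 32 bits
# plus a one-way key derivation function, here PBKDF2-HMAC-SHA256 from the
# standard library) next to the plain-text storage many sites still use.

SALT_BYTES = 16        # 128 bits, well above the 32-bit minimum (example choice)
ITERATIONS = 600_000   # work factor; tune upward as hardware gets faster


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt_hex$hash_hex."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)           # fresh random salt per password
    if len(salt) < 4:
        raise ValueError("salt must be at least 32 bits")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    algo, iters, salt_hex, digest_hex = record.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError(f"unsupported record format: {algo}")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def plaintext_record(password: str) -> str:
    """What a site that ignores the guideline stores: the password itself."""
    return password


def same_password_looks_identical(password: str, store: Callable[[str], str]) -> bool:
    """True when two users with the same password get identical stored values,
    which lets anyone holding a copy of the database spot reuse at a glance."""
    return store(password) == store(password)


if __name__ == "__main__":
    rec = hash_password("batman")
    print(rec)
    print(verify_password("batman", rec), verify_password("batman1", rec))
    print(same_password_looks_identical("batman", plaintext_record))   # True
    print(same_password_looks_identical("batman", hash_password))      # False
```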
In 2015, the Telecom Regulatory Authority of India (TRAI) exposed the email addresses of over 1 million people advocating net neutrality, and according to various media sources TRAI’s website was also “allegedly” hacked following this leak.