Passwords date back to Roman times, when soldiers used small wooden tablets to authenticate each other. And today? A look at the most popular passwords of the past year reveals which mistakes we should urgently avoid when creating a really secure password!
October is "European Cybersecurity Month" (#CyberSecMonth for short) throughout the EU and is also accompanied by educational and training offers at ERGO. Reason enough for //next to follow up our interview with ERGO Innovation Manager and cyber expert Maximilian Lipa with a look at typical password sins and the lessons learned.
It's also exciting to take a look at history: it wasn't until 1961 that passwords took on their current form, when computer scientists at the Massachusetts Institute of Technology (MIT) developed the computer password so that several people could use a shared computer system. Of course, we use them countless times every day at work and in our personal lives.
With so many passwords, it can be tempting to write them down for easier recall, but we shouldn't! In 2021, researchers discovered the most common combinations using a four terabyte database of leaked passwords:
1. 123456 (103.170.552 hits)
2. 123456789 (46.027.530 hits)
3. 12345 (32.955.431 hits)
4. qwerty (22.317.280 hits)
5. Password (20.958.297 hits)
6. 12345678 (14.745.771 hits)
7. 111111 (13.354.149 hits)
8. 123123 (10.244.398 hits)
9. 1234567890 (9.646.621 hits)
10. 1234567 (9.396.813 hits)
Of course, these are not good passwords, and ERGO has controls in place to ensure that such passwords are not used.
Reminder: Passwords must consist of three of the following four elements:
- Upper case letters
- Lower case letters
- Special characters
We have already illustrated here with a graphic how drastically the security of a password increases if we combine as many of these elements as possible. And: Passphrases are also a great way to create passwords, along with using character replacement.
For example, take the first character of each word in a sentence and string them together:
“I will drive to ERGO on Tuesday if it’s raining by 8:00am.”
Replace the “I” with “!” and the “E” with a “3” to create the following: !wdt3oTiirb8
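The rules above (three of the four element types, nothing from the leaked top ten) and the first-letter method, as an added Python example that is not part of the original article and not ERGO's own control. The page names only three of the four elements, so the sketch assumes digits are the fourth; all function names are hypothetical.

```python
import string

# Top-10 leaked passwords as listed in the article (compared case-insensitively).
COMMON = {"123456", "123456789", "12345", "qwerty", "password",
          "12345678", "111111", "123123", "1234567890", "1234567"}

# Character substitutions from the article's example ("I" -> "!", "E" -> "3").
SUBSTITUTIONS = {"I": "!", "E": "3"}


def mnemonic(sentence, subs=SUBSTITUTIONS):
    """Take the first character of each word, then apply the substitutions."""
    initials = (word[0] for word in sentence.split())
    return "".join(subs.get(ch, ch) for ch in initials)


def character_classes(password):
    """Return the set of element types present in the password."""
    found = set()
    for ch in password:
        if ch.isupper():
            found.add("upper")
        elif ch.islower():
            found.add("lower")
        elif ch.isdigit():
            found.add("digit")  # assumed fourth element, not named on the page
        elif ch in string.punctuation:
            found.add("special")
    return found


def check(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if password.lower() in COMMON:
        problems.append("on the list of most common leaked passwords")
    if len(character_classes(password)) < 3:
        problems.append("fewer than three of the four element types")
    return problems


if __name__ == "__main__":
    candidate = mnemonic("I will drive to ERGO on Tuesday if it's raining by 8:00am.")
    print(candidate, check(candidate) or "passes")
    for weak in ("123456", "Password", "qwerty"):
        print(weak, check(weak))
```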
In addition, your passwords should never be tied to personal information or to words found in the dictionary. They must be changed if you suspect compromise! System administrators do not need your password to work on your system, so never tell anyone your password, even if requested by a superior. In closing, passwords are like toothbrushes: they shouldn’t be shared!
Text: Jason Geiger / Ingo Schenk