Some like it hot. Many prefer blondes. But when it comes to security, most like it easy.
According to an ongoing government survey started in October 2014, as part of the Cyber Streetwise campaign, your password is likely to be a bit rubbish in all honesty.
In fact, 3 in 4 Brits favour a list of most popular passwords that seems to have come not from a good-practice document but rather from a dump detailing the most suckish login credentials found in the latest data breach.
Perennial favourites, such as dates and places of birth and pet names – which are insecure ‘secret questions’ at best – still figure prominently among the nation’s favourites, as do the following selective gems taken from an Express feature on the 25 most popular passwords of 2014 –
As I’m sure most of you are aware, weak passwords make it incredibly easy for hackers to gain control of your accounts and devices because they can be cracked with insane ease.
So why do so many people persist in using short, easy-to-guess passwords instead of longer, more complex alternatives using a combination of letters, numbers and symbols?
Simplicity would be my guess.
In a world where more and more devices are connecting to the internet, in which we need to maintain an increasingly large number of accounts for all our online activities, the number of login credentials we require and need to remember is growing at quite a rate (if you aren’t already using one, a password manager such as LastPass or KeePass is a great tool that will cut down the number of passwords you need to remember to just one).
While I’m sure many people are using simple passwords for ease of use and don’t risk them on accounts of great importance, equally I can envisage a significant minority using “123456” as their password on every single account in their possession (if that sounds like you, remember that one compromise of your login credentials will open up all your accounts to the attacker).
That’s worrying for them; it’s also worrying for you if you are employing them.
What are you doing to ensure that your employees are security aware and able to adequately protect not only their own digital assets but yours too?
Because you can bet your bottom dollar that someone who prefers ease of use at home is highly unlikely to change their mindset when they come into work.
While I firmly believe that security can be made far more complex than it needs to be, or at least presented in a way that appears anything but clear, there is equal risk in making it too simple.
So watch out for your employees – until a viable alternative finally kills off the humble password, 3 in 4 of them may need your help, both for their sakes and for yours.