Published: June 24, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
According to SplashData, the votes are in. Although there may be some slight disagreement about what the “worst” password of 2019 is, experts know there’s no shortage of bad contenders to choose from. By now, most everyone knows a unique and strong password is a vital part of keeping cybercriminals from entering online accounts. Yet for all the secure password reminders out there, humans still gravitate toward the familiar and easy choices. For example, a bad password favorite over the years has been “football.” Although it’s still on the list, it’s at least dropping and is now down to #36. Things are looking up; or are they?
Cybersecurity experts know that when websites and online accounts get hacked, the bad guys don’t hesitate to post stolen passwords, usernames, and email addresses on underground sites. Anyone who knows where to look can find them. Cybercriminals have no shortage of ways to exploit stolen passwords, and there’s no reason we should help them.
One hacker favorite tool is “credential stuffing” passwords. When crooks begin trying or “stuffing” the same stolen password on a user’s other accounts, chances are they’ll have a winner. Also, using two-factor authentication (2FA) is a great way to keep passwords where they belong. It’s a simple way to verify it’s really you trying to log into an account. A randomly generated code is sent to a user as a second layer of protection when logging in. Another method is answering challenge questions. There are other ways, but whatever it is, it’s better to use it whenever it’s available.
So, don’t get caught red handed with bad and/or reused passwords, even if 2FA is in place. And remember, if you write down passwords to remember them, always keep them in a very safe place that is not on your computer or mobile device. A hint about passwords -- If a password you use is on the list, stop using it!
Top 20 Worst Passwords of 2019
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org