The passwords most likely to get you hacked
Published 02/03/2016 | 08:38
If your password is P@ssw0rd or St@rt123, change it immediately. The terms are among the passwords most commonly tried by online hackers in the last 12 months, according to a new report from security group Rapid7.
Rather than focusing on the passwords that people typically pick, Rapid7 decided to look at what online scam artists are actually using to test, and likely break into, internet-connected point of sale (POS) systems, kiosks, and computers.
Their findings are particularly shocking: the majority of the top 10 passwords attempted are ridiculously simple, implying widespread use of terrible passwords. Examples include 'admin', 'x', 'Zz' and '1'.
One of the simplest ways to access someone's online account is to guess a password, and hacking software tends to try the most common ones first. Often, passwords are shared between accounts, so once they've guessed right, hackers will try their luck at several other accounts including banking and social media.
How the passwords were revealed
In order to track hacking attempts, the experts set up 'honeypots' - areas of a website that look normal, but are actually bait for hackers that can be monitored.
During the 12 months they ran the study, the honeypots racked up 221,203 different log-in attempts, coming from 5076 devices across 119 countries, using 1806 different usernames and 3969 different passwords.
There were on average 662 login attempts every day by criminals.
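As an added illustration (not Rapid7's code or data), the sketch below tallies the same kinds of figures from a honeypot's login log: total attempts, distinct sources, usernames and passwords, the daily average, and the most-tried passwords. The tab-separated log format, the sample records and the `summarize` helper are assumptions made for this example.

```python
from collections import Counter
from datetime import date

# Constructed sample log (not Rapid7 data). Assumed format, one attempt per line:
# ISO date <TAB> source IP <TAB> username <TAB> password
# Source addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = (
    "2015-03-01\t192.0.2.10\tadministrator\tx\n"
    "2015-03-01\t192.0.2.10\tadministrator\tZz\n"
    "2015-03-01\t198.51.100.7\tadmin\tadmin\n"
    "2015-03-02\t198.51.100.7\tadmin\tP@ssw0rd\n"
    "2015-03-02\t203.0.113.5\tpos\tSt@rt123\n"
    "2015-03-04\t203.0.113.5\tpos\tx\n"
    "2015-03-04\t192.0.2.10\tadministrator\t1\n"
    "malformed line without enough fields\n"
    "2015-03-04\t203.0.113.5\tadmin\tx\n"
)


def summarize(log_text, top_n=3):
    """Tally login attempts recorded by a honeypot (hypothetical helper)."""
    sources, usernames, days = set(), set(), set()
    passwords = Counter()
    attempts = skipped = 0
    for line in log_text.splitlines():
        # Split on the first three tabs only, so a password containing a tab survives.
        fields = line.split("\t", 3)
        try:
            day, source, username, password = fields
            days.add(date.fromisoformat(day))
        except ValueError:  # wrong field count or unparseable date
            skipped += 1
            continue
        attempts += 1
        sources.add(source)
        usernames.add(username)
        passwords[password] += 1
    # Average over the whole observation window, including days with no attempts.
    span_days = (max(days) - min(days)).days + 1 if days else 0
    return {
        "attempts": attempts,
        "skipped": skipped,
        "sources": len(sources),
        "usernames": len(usernames),
        "passwords": len(passwords),
        "per_day": attempts / span_days if span_days else 0.0,
        "top_passwords": passwords.most_common(top_n),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Comparing the resulting password list against the credentials actually configured on exposed systems shows which ones are already in attackers' guess lists.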
This type of research "is incredibly useful for spot checking the state of cyber hygiene," according to Tod Beardsley, Security Research Manager, Rapid7, because it can reveal where businesses are going wrong with their digital security.
Earlier this year, researchers at SplashData revealed the most common passwords of 2015, including passw0rd, login and 123456.