These are the terrible passwords that people are still using. Here's how to do better

National Cyber Security Centre issues advice on best practice for passwords - and that includes not using the name of a pet or family member to secure your accounts.
Written by Danny Palmer, Senior Writer

People are using easy-to-guess passwords, including their pet's name, family members' names, significant dates, their favourite sports team – or even 'Password',  and that could be putting them at risk of their accounts being compromised by cyber criminals.

Research by the National Cyber Security Centre (NCSC) suggests that 15% of people have used their pet's name as their password at some point, while 14% have used the name of a family member.

A further 13% have used a significant date, such as a birthday or anniversary, while 6% have used the sports team they support as their password.

While these passwords are easy for people to remember, it could be putting their accounts at risk of being broken into by criminals. Attackers could scrape information from public social media posts that could provide hints to things like pet names. They could then attempt to use this information to breach accounts.

SEE: Security Awareness and Training policy (TechRepublic Premium)

They could also use a brute force attack tool to attempt to crack accounts, which use simple one-word passwords with relative ease. The use of default credentials like 'password' also provides cyber criminals with an easy method of breaching accounts.

By using a weak password, people could be putting personal information or financial details at risk – especially if that same password is used across multiple accounts.

They could even potentially put their employer at risk from cyberattacks, if the stolen password is also used to secure corporate accounts and cyber criminals attempt to see if the password they've taken from a personal account works.

The NCSC is, therefore, urging people to follow their advice and make passwords three random words to help secure their accounts. The idea is that three words are relatively easy to remember, but by making them random, it'll stop cyber criminals from being able to guess their way into accounts, even with the aid of brute force tools.

"We may be a nation of animal lovers, but using your pet's name as a password could make you an easy target for callous cyber criminals," said Nicola Hudson, NCSC director for policy and communications.

"I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords, which recommends using passwords made up of three random words."

The NCSC also recommends that users should make sure their email password is separate to any other password they have, because if an attacker does steal your email user name and password, it could provide them access to other sites that use your email address as the login name.

SEE: Three billion phishing emails are sent every day. But one change could make life much harder for scammers

In addition to this, the NCSC suggests that users should save passwords to their web browser. Not only does this allow users to easily login to websites, it also helps protect them against some cybercrime – for example, the password manager won't work if the website is a fake version of the website designed to steal credentials.

It's also recommended that users should turn on two-factor authentication to provide an additional barrier to attacks.


Editorial standards