Here’s What You’re Doing Wrong With Your Passwords – And How To Fix It
Experts warn that passive laziness puts millions of Australians and the companies they work for at risk of cybercrime, with an estimated two-thirds of Australian businesses and large corporations vulnerable.
Cybersecurity expert Lawrence Patrick of Zirilio says using default passwords poses significant risks.
“Using a default password may seem like an easy option to remember, but the problem is that cybercriminals also know the default passwords,” says Patrick.
“There is a real problem with companies not taking enough steps to improve their cyber defenses. Most computers, hardware, and software are set up so you can use them immediately, but the assumption is that you go back and change the default password to make it more secure.”
US tech giant Microsoft says the most commonly used password last year was “admin,” which is currently used by more than 20 million people worldwide.
Other popular combinations include “123456” and the word “password,” according to research by the password management company WordPress.
If you use these passwords for Facebook, Instagram, and Gmail, change them now.
Jay Hira, a former security and compliance consultant at software company Salesforce, said common words and personal information should be avoided when creating a password.
“The use of personal information such as your date of birth, father’s middle name, mother’s maiden name, etc., is all too common,” Hira said.
“Reusing passwords over time and using the same password across multiple platforms are other common mistakes we’ve all made.”
With more people working from home in recent years due to the COVID-19 pandemic, data theft and hacking are at record levels, according to the latest data.
The Australian Cyber Security Center registered 67,500 cybercrime reports in 2021, an increase of nearly 13 percent from the previous fiscal year.
Fraud, online shopping scams, and online banking scams were the most commonly reported types of cybercrime. In addition, self-reported losses from cybercrime totaled more than $33 billion, according to the ACSC’s latest annual cyberthreat report.
Sophisticated hackers often employ sneaky tactics such as sending fake text messages with suspicious links to unsuspecting users to gain increased access to private information.
Last year, Microsoft discovered more than 280,000 cybersecurity breaches. About 98 percent of the attacks used passwords with fewer than ten characters.
In addition, only 2 percent contained a special character, and research by Proofpoint found that 42 percent of working Australians use the same password for multiple accounts.
Victoria Police recognizes cybercrime as “a key facilitator” of organized crime.
“(We) remain unwavering in (our) commitment to minimize the impact cyber-dependent and technology-enabled crime has on the Victorian community,” a spokesperson said.
“Cybercrime poses a complex and fast-moving threat and is nationally recognized as a major facilitator of serious and organized crime.
“There are many practical ways for Victorians to protect themselves online. The resources available on the Australian Cyber Security Center website are a great place to start.”
Experts say that long and complex passwords with a combination of numbers, letters, and special characters are generally the strongest.
“You can do smart things, like use a phrase from a poem, book, or song,” Patrick said.
“If you want to make it even stronger, you can make an abbreviation that doesn’t mean anything to anyone but makes sense to you.”
He also recommended using the Have I Been Pwned website, which tracks password breaches.
The rise of facial recognition software means memorizing seemingly endless passwords will soon be a thing of the past.
“You’ve probably noticed that tech companies are pushing hard to…let us use facial recognition,” Patrick said.
“Soon, everything will be biometric. It just becomes a face scan, a retina scan, or a fingerprint linked to your identity, and that’s how you log in and authenticate yourself.”