In recent years hackers have shifted their primary aim from individual consumers to large retailers and corporate networks because it offers more bang for the buck.
It's a good thing too, because most of us individual consumers are sitting ducks.
Make no mistake, hackers still launch attacks on individuals. It's one way they harness millions of individual zombie computers to carry out their various nefarious deeds. And Keeper Security, a cyber security firm, says consumers make it easy for them by using pathetically easy passwords.
In its blog, the company said it reviewed the passwords that leaked to the internet from data breaches in 2016, looking for the year's most common passwords. Incredibly, it found nearly 17% of consumers are still using “123456” as a password. That was number one. Believe it or not, the eighth most-common password in 2016 was “password.”
Keeper Security says the main takeaways from its analysis include the fact that the list of most-used passwords hasn't changed much over the years. In other words, we haven't gotten very creative.
“While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves,” the company writes. “IT administrators and website operators must do the job for them.”
Long passwords are best, but four of the top 10 passwords on Keeper Security's list, and seven of the top 15, are six characters or shorter. Such passwords are no match for hackers' state-of-the-art tools, which can break them in seconds.
Less random than you think
Some consumers may think they're well ahead of the hackers by using passwords like “1q2w3e4r.” When you look at the sequence of numbers and letters it may appear random, but it's not. If you glance at a QWERTY keyboard, you'll quickly see the combination is assembled by moving diagonally to the right from the number row to the top letter row. It's little more inventive than “123456.”
The company says email providers should be doing a better job of keeping their services from being used for spam delivery, and the way to do that is by enforcing tougher password rules.
“We can criticize all we want about the chronic failure of users to employ strong passwords. After all, it’s in the user’s best interests to do so,” the company writes. “But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies. It isn’t hard to do, but the list makes it clear that many still don’t bother.”
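A check of the kind a website operator could run when a password is set, added here as an example and not taken from Keeper Security: it rejects short passwords, deny-listed passwords, and keyboard walks such as “1q2w3e4r.” The eight-character minimum, the run threshold of five, the simplified keyboard grid and the two-entry deny-list are assumptions for illustration.

```python
# Added example: server-side password screening at set/change time.
# All thresholds and lists below are illustrative assumptions.

# Simplified QWERTY grid: a key's position is (row, column index in row).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# Constructed deny-list holding only the two passwords the article names;
# a real deployment would load a full list of breached passwords.
COMMON = {"123456", "password"}
MIN_LENGTH = 8   # assumed minimum length
WALK_RUN = 5     # assumed: this many neighbouring keys in a row is a pattern


def longest_walk(password):
    """Length of the longest run in which each key neighbours the previous one."""
    best = run = 0
    prev = None
    for ch in password.lower():
        cur = POS.get(ch)
        if cur is None:
            run = 0                      # character not on the grid breaks the run
        elif (prev is not None
              and abs(cur[0] - prev[0]) <= 1
              and abs(cur[1] - prev[1]) <= 1):
            run += 1                     # same or adjacent key, including diagonals
        else:
            run = 1                      # start a new run at this key
        best = max(best, run)
        prev = cur
    return best


def check_password(password):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.lower() in COMMON:
        reasons.append("common password")
    if longest_walk(password) >= WALK_RUN:
        reasons.append("keyboard pattern")
    return reasons


if __name__ == "__main__":
    for candidate in ["123456", "password", "1q2w3e4r", "correct horse battery staple"]:
        print(repr(candidate), check_password(candidate) or "accepted")
```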
Keeper Security said it had no trouble finding passwords published on the internet. It says there were at least 10 million of them, the result of 2016's data breaches.