The annual list of the 25 Worst Passwords of the Year, compiled by SplashData, was released a couple of weeks ago. While most seem surprisingly easy to guess, amazingly they’re also the most popular. Topping the list is password. Yes, that’s right: password is the most common word online users choose to protect their most valuable electronic assets. It’s joined on the list by 123456, football and monkey. Hopefully your password is a little more difficult to crack than those. The list, which was compiled using passwords stolen and posted online by hackers, is a real eye-opener. Corporations give employees a certain level of trust to protect data and keep hackers at bay, yet they’re failing miserably.
All it takes is access through one compromised user account and a good hacker will have a field day with the corporate network, forever damaging a company’s brand and reputation and potentially costing hundreds of thousands, or even millions, of dollars. In fact, according to the 2010 U.S. Cost of a Data Breach study by the Ponemon Institute, the average organizational cost of a data breach last year was $7.2 million, which is about $214 per compromised record.
With so much at risk, it’s amazing that more companies don’t explore moving to Strong Authentication, which is simply adding another layer of protection to users’ logins. With multi-factor authentication, users combine something they have (a smart card or token) with something they know (a password or PIN). We talk about it a lot here in the Online Authentication department at Gemalto, rightly so since that’s our business, but it seems like common sense to act proactively and secure your data with more than just a simple word like abc123 (number 5 on the list).
Maybe it’s time to trustno1 (number 9 on the list) and stop depending on each and every one of your corporate employees to come up with a secure, difficult-to-hack password. Sadly for these companies, Superman (number 22 on the list) will not be able to come to the rescue when a hacker quickly gains access to your poorly protected account.
You can read the entire list of the 25 Worst Passwords here.