Is your password safe?

If your password happens to be 123456, 123456789, qwerty, password or 1111111, you should be wary: these are the top 5 most common passwords according to the National Cyber Security Centre (NCSC). The top 20 most common passwords in 2019 according to the NCSC, by ranking:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345
  11. 1234567890
  12. 123123
  13. 000000
  14. Iloveyou
  15. 1234
  16. 1q2w3e4r5t
  17. Qwertyuiop
  18. 123
  19. Monkey
  20. Dragon

With the increasing sophistication of online hacking, scams and phishing, it is important that you maintain a password that is unique, easy to remember and, at the same time, does not contain any personal information, e.g. name, address, gender, date of birth etc. To increase the strength of password security, the following is recommended:

  1. Increase the minimum password length beyond 8 characters.
  2. Increase the maximum password length.
  3. Do not use the user’s name or username inside passwords.
  4. Change your password frequently, e.g. every 3 months.
  5. Do not use a name or personal information in the username, and avoid common usernames, e.g. admin, administrator etc.
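
The recommendations above can be checked automatically when an account is created or a password is changed. The following Python check is an added example, not part of the original article; the function names and the `MIN_LENGTH` and `MAX_LENGTH` values are assumptions.

```python
# Added example: checks a candidate credential against the rules listed above.
# Function names and the MIN_LENGTH / MAX_LENGTH values are assumptions.

# The top-20 list exactly as given on this page, compared case-insensitively.
COMMON_PASSWORDS = {p.casefold() for p in (
    "123456", "123456789", "qwerty", "password", "1111111", "12345678",
    "abc123", "1234567", "password1", "12345", "1234567890", "123123",
    "000000", "Iloveyou", "1234", "1q2w3e4r5t", "Qwertyuiop", "123",
    "Monkey", "Dragon",
)}
COMMON_USERNAMES = {"admin", "administrator"}  # the two named on this page
MIN_LENGTH = 9     # "beyond 8 characters"; the exact value is an assumption
MAX_LENGTH = 128   # assumed generous upper bound so long passphrases pass


def check_username(username, personal_info=()):
    """Return a list of rule violations for a proposed username."""
    problems = []
    name = username.casefold()
    if name in COMMON_USERNAMES:
        problems.append("common username")
    for item in personal_info:
        if len(item) >= 3 and item.casefold() in name:
            problems.append("username contains personal information")
            break
    return problems


def check_password(password, username, personal_info=()):
    """Return a list of rule violations for a proposed password."""
    problems = []
    pw = password.casefold()
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(password) > MAX_LENGTH:
        problems.append("too long")
    if pw in COMMON_PASSWORDS:
        problems.append("common password")
    # Reject the username or any personal detail embedded in the password.
    # Fragments under 3 characters are skipped to avoid accidental matches.
    for item in (username, *personal_info):
        if len(item) >= 3 and item.casefold() in pw:
            problems.append("contains username or personal information")
            break
    return problems
```

An empty list means the credential passes every rule; for instance `check_password("Dragon", "alice")` reports both the length and the common-password violation.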

In security-critical transactions, such as financial and banking transactions, two-factor authentication on top of the username and password is required. The second factor, a password delivered separately via mobile SMS, provides additional security. Unauthorised access through a compromised first factor (username and password) is prevented, because the transaction cannot be completed without entering the second-factor password.

However, implementing second-factor authentication for all access should not be a reason to allow a weaker username and password, as the first factor remains the core factor of authentication. Weak user discipline in password security leads to a weak first factor and reduces two-factor authentication to only one factor, e.g. mobile SMS.

Besides the cost of implementing a platform for the second factor, the running costs of second-factor authentication services, i.e. mobile SMS charges, SMS management system maintenance etc., add to the business cost of providing the additional factor. In addition, user experience may be affected, and the interface needs to be redesigned for the additional time and step required to complete the authentication process.

That brings us back to the basics of protecting our own passwords. Discipline in password maintenance, creating a strong password and changing the password frequently go a long way in ensuring our own personal security.