Is your password safe?
If your password is 123456, 123456789, qwerty, password or 1111111, be wary: these are the top 5 most common passwords according to the National Cyber Security Centre (NCSC). The top 20 most common passwords according to the NCSC in 2019, by ranking:
1. 123456
2. 123456789
3. qwerty
4. password
5. 1111111
6. 12345678
7. abc123
8. 1234567
9. password1
10. 12345
11. 1234567890
12. 123123
13. 000000
14. Iloveyou
15. 1234
16. 1q2w3e4r5t
17. Qwertyuiop
18. 123
19. Monkey
20. Dragon
With the increasing sophistication of online hacking, scams and phishing, it is important that you maintain a password that is unique, easy to remember and, at the same time, does not contain any personal information, e.g. name, address, gender, date of birth. To increase the strength of the password, the following is recommended:
- Increase the minimum password length beyond 8 characters.
- Increase maximum password length.
- Do not use the user’s name or username inside passwords.
- Change your password frequently, e.g. every 3 months.
- Do not use your name or personal information in the username, and avoid common usernames, e.g. admin, administrator.
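
These recommendations can be enforced in code at sign-up or password change. The following is an added example, not part of the original article: it checks a username and password against the top-20 list and the rules above. The function names, `MIN_LENGTH`, `MAX_LENGTH` and the three-character matching threshold are assumptions.

```python
# Added example: checks a username/password pair against the recommendations above.
# MIN_LENGTH, MAX_LENGTH and all function names are assumptions, not from the article.

# The NCSC top-20 list quoted in the article, lower-cased for comparison.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "1111111", "12345678",
    "abc123", "1234567", "password1", "12345", "1234567890", "123123",
    "000000", "iloveyou", "1234", "1q2w3e4r5t", "qwertyuiop", "123",
    "monkey", "dragon",
}
COMMON_USERNAMES = {"admin", "administrator"}  # the two named in the article
MIN_LENGTH = 9     # assumption: smallest length "beyond 8 characters"
MAX_LENGTH = 128   # assumption: a generous upper bound so long passphrases fit


def check_username(username, real_name=""):
    """Return a list of problems with the chosen username."""
    problems = []
    lowered = username.casefold()
    if lowered in COMMON_USERNAMES:
        problems.append("username is a common default")
    # Name parts shorter than 3 characters are ignored to avoid false matches.
    for part in real_name.casefold().split():
        if len(part) >= 3 and part in lowered:
            problems.append("username contains part of the user's name")
            break
    return problems


def check_password(password, username, real_name=""):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    lowered = password.casefold()
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if lowered in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    # Reject passwords that embed the username or any part of the user's name.
    tokens = [username.casefold()] + real_name.casefold().split()
    if any(len(t) >= 3 and t in lowered for t in tokens):
        problems.append("contains the username or the user's name")
    return problems
```

Comparison is case-insensitive, so variants such as "QWERTY" or "Password" are caught by the same list entry.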
In security-critical transactions relating to finance and banking, 2-factor authentication on top of the username and password is required. The second factor, a password delivered through a separate channel such as mobile SMS, provides additional security. Unauthorised access through a compromised first factor (username and password) is prevented, as the transaction cannot be completed without entering the second-factor password.
However, implementing second-factor authentication for all access should not be a reason to allow a weaker username and password, as the first factor remains the core factor of authentication. Weak user discipline in password security leads to a weak first factor and reduces 2-factor authentication to only one factor, e.g. mobile SMS.
Besides the cost of implementing a platform for the second factor, the charges for running the second-factor authentication service, i.e. mobile SMS charges, SMS management system maintenance etc., add to the business cost of providing it. In addition, user experience may be affected, and the interface needs to be redesigned for the additional time and step needed to complete the authentication process.
That brings us back to the basics of protecting our own passwords. Discipline in password maintenance, creating a strong password and changing the password frequently go a long way in ensuring our own personal security.