Yesterday, password manager SplashData released their “Top 100 Worst Passwords of 2018” list. The list compiles the most easily cracked, predicted, or guessed passwords used throughout the Internet, drawing from over 5 million passwords.
Weak passwords are the bane of any enterprise’s identity and access management platform or strategy. A weak password essentially lays out the welcome mat for both external hackers and insider threats; a weak password belonging to a privileged user can result in untold devastation to enterprises’ proprietary data or networks. Moreover, weak passwords often end up for sale on the Dark Web as a result of other data breaches, allowing hackers to use them in credential stuffing attacks.
Yet users persist in using weak passwords. According to sources, many don’t trust themselves to remember stronger (and thus more complicated) passwords. They also don’t wish to subject themselves to the oft-tedious password recovery process. According to SplashData, nearly 10% of users selected at least one of the 25 worst passwords for one of their accounts. Many users know the risks involved with a weak password but continue to use one anyway; corporate culture has not yet shifted to prioritizing cybersecurity over business process efficiency.
The Top Ten Worst Passwords of 2018 compiled by SplashData are:
SplashData recommends enterprises mandate more complex passwords or passphrases, avoid repeated passwords, and incorporate a password manager into their identity and access management platform to avoid the perils of weak passwords.
Solutions Review agrees with these recommendations. We add that your enterprise should investigate and invest in two-factor or multifactor authentication protocols. These will allow your enterprise to take some of the burden off passwords as your sole authentication factor, securing your enterprise more thoroughly without sacrificing efficiency. You may also want to consider single sign-on (SSO) to avoid repeated passwords and ensure more control over your users’ passwords.
You can learn more about SplashData and its findings on worst passwords here.