The 100 worst passwords of 2018 revealed

Find out if you have one of the worst passwords of 2018, while Compliance Compendium chief business development officer Gareth Gadd explains why the issue is so important.

We all use online services these days, whether it’s for business or pleasure, or maybe paying your taxes.

Almost every service that you use requires a password, and these days your web browser of choice will suggest and generate a strong random password for you. Yet, despite this assistance, it seems that people use the same password for all the websites they visit and, worse than that, will choose an easily guessable password, or use simple password creation strategies like Theresa1 and Theresa2 for different sites.

To highlight the problem, American password security company SplashData publishes an annual list of the 100 worst passwords, and it recently released the list for 2018. This is done in the hope that, with recognition of the problem, people will try harder to improve their password security. The top 10 would be laughable if this weren’t a serious matter.

The top 10 worst passwords of 2018 ranked

1. 123456 (Unchanged)

2. password (Unchanged)

3. 123456789 (Up 3)

4. 12345678 (Down 1)

5. 12345 (Unchanged)

6. 111111 (New)

7. 1234567 (Up 1)

8. sunshine (New)

9. qwerty (Down 5)

10. iloveyou (Unchanged)
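
The two habits described above, choosing a password from the worst-passwords list and recycling one base word with a changing number (Theresa1, Theresa2), can be checked for mechanically. This Python audit is an added example, not part of the original article or of SplashData's method; the function names, the suffix rule and the sample data are assumptions made for illustration.

```python
import re

# Top 10 of SplashData's 2018 list, in the order ranked in the article.
WORST_2018 = ["123456", "password", "123456789", "12345678", "12345",
              "111111", "1234567", "sunshine", "qwerty", "iloveyou"]
RANK = {pw: i for i, pw in enumerate(WORST_2018, start=1)}

# Trailing digits and common symbols: the part that changes in Theresa1, Theresa2.
_SUFFIX = re.compile(r"[\d!@#$%^&*._-]+$")


def base_form(password):
    """Lower-case and drop the trailing counter: 'Theresa2' -> 'theresa'."""
    lowered = password.lower()
    # Passwords made only of digits/symbols have no base word; keep them whole.
    return _SUFFIX.sub("", lowered) or lowered


def audit(passwords_by_site):
    """Map each site to a list of findings; an empty list means no finding."""
    findings = {site: [] for site in passwords_by_site}
    groups = {}  # base form -> sites whose password reduces to it
    for site, pw in passwords_by_site.items():
        base = base_form(pw)
        groups.setdefault(base, []).append(site)
        if pw.lower() in RANK:
            findings[site].append(f"worst-list #{RANK[pw.lower()]}")
        elif base in RANK:
            findings[site].append(f"variant of worst-list #{RANK[base]}")
    for sites in groups.values():
        for site in sites:
            others = [s for s in sites if s != site]
            same = [s for s in others
                    if passwords_by_site[s] == passwords_by_site[site]]
            near = [s for s in others if s not in same]
            if same:
                findings[site].append("reused on " + ", ".join(same))
            if near:
                findings[site].append("same base word as " + ", ".join(near))
    return findings


if __name__ == "__main__":
    # Constructed sample: one person's passwords across four sites.
    sample = {"bank": "Theresa1", "shop": "Theresa2",
              "mail": "Sunshine!", "forum": "123456"}
    for site, notes in audit(sample).items():
        print(site, notes)
```

The findings name the other affected sites but never echo the passwords themselves, so the output can be shared without exposing them.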

So why does it matter? If your online services can be used to buy things or give access to your financial details or company resources, then there will always be people trying to steal from you. Let’s face it, breaking into your online account carries a lower criminal penalty than threatening you at knifepoint, so criminals are positively encouraged to move towards online theft. Then there is the fact that such crimes can be committed globally. A number of techniques are used by criminals, such as guessing (see above), phishing, interception over a network, sneakily watching over someone’s shoulder, key loggers, and other electronic techniques. My personal favourite though is the post-it note left on someone’s computer with their main login details. Nice!

The UK government gives advice on setting passwords and this should be adhered to because although the UK Data Protection Act does not say anything specific about passwords, Article 5(1)(f) states that personal data shall be “Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

This is where I feel that the legislation could be improved because (logically) as soon as someone unlawfully gains access to your IT then this is a data breach. A data breach is a much more serious matter!

Compliance Compendium provides a DPO as a Service solution and offers advice on policies and policy documentation.


Copyright © 2018 RegTech Analyst
