Experts have warned password laziness puts millions of Australians and the companies they work for at risk of cyber crime, with an estimated two-thirds of Australian businesses and large corporations vulnerable.
According to cyber security expert Lawrence Patrick of Zirilio, the use of default passwords specifically poses significant risks.
Ahead of World Password Day, Patrick said that a default password may seem like an easy option to remember, but the problem is that cyber criminals know the default passwords too.
“There is a real problem with companies not taking enough steps to increase their cyber defences.
“Most computers, hardware and software, are set up to allow you to use them right away but the assumption is that you’re going to go back and customise the default password to make it secure,” Patrick said.
US tech giant Microsoft says the most commonly used password last year was “admin”, which is currently being used by more than 20 million people across the globe.
Other popular combinations include “123456” and “password”, according to research by password management company NordPass.
Former security and compliance advisor at software company Salesforce, Jay Hira, added that common words and personal information should be avoided when creating a password.
“Use of personal information such as your date of birth, father’s middle name, mother’s maiden name etc, are all too common.
“Password reuse after a period of time and using the same password across multiple platforms are other common mistakes that we’ve all made at some point,” Hira said.
With more people working from home in recent years due to the COVID-19 pandemic, data theft and hacking are at record levels, according to the latest data.
The Australian Cyber Security Centre recorded 67,500 cyber crime reports in 2021, up nearly 13 per cent from the previous financial year.
Fraud, online shopping scams and online banking scams were the top reported cyber crime types. Self-reported losses from cyber crime total more than $33 billion, according to the ACSC’s latest annual cyber threat report.
Sophisticated hackers often use sneaky tactics such as sending fake text messages containing suspicious links to unsuspecting users in order to gain elevated access to private information.
Last year, Microsoft found more than 280,000 cyber security breaches. About 98 per cent of attacks used a password with fewer than 10 characters.
In addition, only 2 per cent contained a special character. Proofpoint research found 42 per cent of working Australians use the same password across multiple accounts.
Victoria Police recognises cyber crime as “a key facilitator” of organised crime.
“Cyber crime presents a complex and fast-moving threat and is recognised nationally as a key facilitator of serious and organised crime.
“There are many practical ways for Victorians to protect themselves online.
“The resources available on the Australian Cyber Security Centre’s website are a great place to start,” a Victoria Police spokesman said.
Experts say long and complex passwords with a combination of numbers, letters and special characters are generally the strongest.
Patrick added that using a phrase from a poem, a book or a song is a “clever” way to choose a password that is easy to recall.
“If you want to make it even stronger, you could create an abbreviation that doesn’t mean anything to anyone but makes sense to you,” Patrick said.
He also recommended using the website Have I Been Pwned, which tracks password breaches.
The rise of facial recognition software means remembering seemingly endless passwords could soon be a thing of the past.
“You’ve probably noticed technology companies are pushing really hard to … get us to use facial recognition,” Patrick said.
“Soon everything will be biometric. It will just be a face scan or a retina scan or a fingerprint tied to your identity and that’s how you will log in and authenticate yourself.”