Are you re-using passwords?


A few days ago, I sat down with a group of trusted friends to share some questions from the Riskara 360 Employee Risk Assessment we’ve been developing at Cypac. When we got to this particular question, everyone’s reaction was pretty much the same:


"I use a unique password for every work and personal account."


“Uh, no,” was everyone’s response. If this small group is anything like the general population, it’s safe to assume most of us have reused the same password across multiple websites.


This quiet habit has turned into a BIG problem. When your passwords are stolen and sold on the dark web, bots and cybercriminals use them to try logging into every service they can find with your leaked email and password combinations.


The Takeaway


A new report from NordPass reveals the top 200 passwords used worldwide, including in corporate environments.


Top 200 Passwords in the World (2024)



Top 200 Passwords Used by Companies (2024)



Take a moment to review these lists. If you find any passwords you’re using, change them immediately. My favorites were: gwerty, princess and tinkle :P


What should you do now?


Follow these clear guidelines for excellent password hygiene:


1) Use strong, unique passwords. Each password should be at least 12 characters long and avoid personal information like birthdays, names, or addresses.


2) Don't reuse passwords across accounts. If one account is breached, hackers can access others if you’re using the same password.


3) Use a password manager. Tools like LastPass, 1Password, Bitwarden, and KeePass can securely store and generate strong passwords for you.


4) Use multi-factor authentication (MFA) whenever you can. This adds an extra layer of security beyond passwords, such as SMS codes, authenticator apps like Google Authenticator or Duo, or hardware keys like YubiKey.


5) Avoid writing passwords down. Don’t store them in Excel files, sticky notes, or unsecured notepads.
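
To check guidelines 1 and 2 against your own accounts, here is a small audit script, added as an example (it is not part of the original post and not any password manager's own code). The CSV column names `site`, `username` and `password`, the sample entries, and the short common-password set are constructed assumptions.

```python
import csv
import hashlib
import io
from collections import defaultdict

MIN_LENGTH = 12  # guideline 1: at least 12 characters

# Constructed stand-in for a common-password list (not the NordPass data).
COMMON = {"123456", "password", "qwerty", "princess"}

# Constructed sample export; the column names are assumptions.
SAMPLE_CSV = """site,username,password
mail.example,alice@example.com,princess
bank.example,alice,Correct-Horse-Battery-9
shop.example,alice@example.com,Correct-Horse-Battery-9
forum.example,alice,Tr0ub4dor
"""


def _digest(password):
    # Compare digests so the plaintext never becomes a key in the report data.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def audit(csv_text, common=COMMON, min_length=MIN_LENGTH):
    """Return {site: [findings]} for every entry that breaks guideline 1 or 2."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    sites_by_digest = defaultdict(list)
    for row in rows:
        sites_by_digest[_digest(row["password"])].append(row["site"])

    findings = {}
    for row in rows:
        password, issues = row["password"], []
        if len(password) < min_length:
            issues.append("too_short")
        if password.lower() in common:
            issues.append("common")
        others = sorted(s for s in sites_by_digest[_digest(password)] if s != row["site"])
        if others:
            issues.append("reused_with:" + ",".join(others))
        if issues:
            findings[row["site"]] = issues
    return findings


if __name__ == "__main__":
    for site, issues in audit(SAMPLE_CSV).items():
        print(f"{site}: {', '.join(issues)}")
```

If you run it on a real export from your password manager, delete the export file afterwards, since it holds every password in plain text.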


For extra credit, visit haveibeenpwned.com to check if your email address has appeared in any data leaks.


It’s up to all of us to educate our friends, family, and coworkers about evolving cyber threats. Sharing best practices like these can help keep everyone safe.


Stay safe out there.


-Attila


P.S. The Riskara 360 Employee Security Risk Assessment is designed to evaluate your company’s strength in four key areas:


1) Awareness – How well do your employees understand cybersecurity risks and practices in the workplace?


2) Behaviors – What security-conscious actions are employees consistently taking in their day-to-day work?


3) Habits – Which security practices have become automatic and ingrained through repeated behaviors?


4) Resilience – When awareness, behaviors, and habits are combined with company policies, they reveal how prepared your organization is to withstand theft, cybercrime, and disaster.


We're looking for pre-release feedback - click here to request early access.

 

New Friday Funnies

 

How to mess with hackers... Username: Password Password: Username

My dad told me his password is: MickeyMinnieGoofyDonaldPlutoHueyLouieDewieDublin

Because he was told his password had to contain 8 characters and at least one Capital

