Some of the world’s most vulnerable passwords; does it include yours? (World Password Day)

World Password Day is observed on May 2nd every year to raise awareness of the importance of using strong passwords. Sophos recently conducted research showing that 123456, 1234, admin, ubnt and 12345 are the five passwords cyber criminals most often attempted when trying to enter the Mumbai cloud server honeypot.

The findings of its report, Exposed: Cyberattacks on Cloud Honeypots, reveal that ‘123456’ was the most attempted login password in the Mumbai cloud server honeypot that saw more than 1,376 login attempts by cyberattackers within a span of 30 days.

What does your password look like?

The honeypots were set up in 10 of the most popular Amazon Web Services (AWS) data centers in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney, over a 30-day period. A honeypot is a system intended to mimic likely targets of cyberattackers, so that security researchers can monitor cybercriminal behaviors.

Passwords are an important aspect of computer security – they are the front line of protection for user accounts in a very wide variety of services and systems. Unfortunately, people are not changing factory default passwords, which cybercriminals are counting on to carry out their attacks. Building strong, unique passwords and using a password manager to keep track of them is a best security practice everyone should use in this digital age.

Sunil Sharma, managing director sales, Sophos India & SAARC

| Top 5 passwords (Mumbai) | No. of login attempts (Mumbai) | Top 5 passwords (Globally) | No. of login attempts |
|---|---|---|---|
| 123456 | 1,376 | 123456 | 15,785 |
| 1234 | 1,335 | Admin | 12,605 |
| Admin | 1,156 | 1234 | 9,583 |
| Ubnt | 912 | password | 9,034 |
| 12345 | 761 | 12345 | 7,145 |

Sophos recommends the following four tips for building a stronger password:

  • Enable multi-factor authentication (MFA): Enable multi-factor authentication wherever possible. This adds an additional layer of protection against someone trying to access personal accounts.
  • Use complex passcodes for devices: It’s not just passwords for email addresses and social media accounts that need to be secure. Ensure that the logins for laptops and mobile phones also have complex passcodes.
  • Use a password manager: To give passwords the best possible chance of not appearing on Pwned Passwords, use a properly secured password manager that will create and store secure passwords.
  • Learn how to choose proper passwords: Most people end up with dozens of online accounts and have to create passwords all the time. Even with a password manager, one really excellent password is needed to lock the central ‘password vault.’
  • Use unique passwords for online banking: Sensitive accounts need special passwords. This includes banking and other accounts where financial data is accessed and stored.

About Sophos

Sophos is a leader in next-generation endpoint and network security. As the pioneer of synchronized security, Sophos develops its innovative portfolio of endpoint, network, encryption, web, email and mobile security solutions to work better together. More than 100 million users in 150 countries rely on Sophos solutions as the best protection against sophisticated threats and data loss. Sophos products are exclusively available through a global channel of more than 43,000 registered partners. Sophos is headquartered in Oxford, UK and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com.