NCSC: Large Number of Brits Are Using Easily Guessable Passwords

A substantial proportion of Brits choose passwords that are easy for cyber-criminals to predict, leaving them vulnerable to hacking.

This is according to an independent survey carried out on behalf of the UK’s National Cyber Security Centre (NCSC). The survey found that when protecting their online accounts, people regularly use predictable passwords. These include pet names (15%), family members’ names (14%), a significant date (13%) and a favorite sports team (6%).

Additionally, 6% of respondents admitted using ‘password’ as all or part of their password, which means millions of accounts could be easily breached by trial-and-error guessing of common passwords.

Weak password security has become an even greater issue in the past year as a result of the shift to online services during the COVID-19 crisis. The survey revealed that 27% of people have at least four new password-protected accounts compared to this time last year.

In response to the findings, the NCSC has advised people to make passwords with three random words to ensure they are difficult to hack.

Nicola Hudson, NCSC director for policy and communications, said: “We may be a nation of animal lovers, but using your pet’s name as a password could make you an easy target for callous cyber-criminals.

“I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords, which recommends using passwords made up of three random words.

“You can even use our Cyber Action Plan tool to generate tailored, free of charge advice to improve your security against online attacks.”

Commenting, Colin Truran, senior risk, compliance and governance advisor at Quest, said: “The recent study from the NCSC highlights just how imperative it is we talk about the problem of password reuse and opting for easy to remember terms such as a pet’s name. Many of us recognize this problem, but as human beings we will continue to opt for easy passwords – it’s a habit of convenience.

“Even the growing trend of forcing users to update their passwords regularly is not helping, as the majority of people are just numbering their passwords, or cycling through a handful of regulars. With data breaches hitting the news on an almost weekly basis, and ‘credential stuffing’ techniques being used to great effectiveness against organizations, this does very little to impede a cyber-criminal.”

Ian Pitt, CIO at LogMeIn, added: “Online security risks have risen substantially over the past year, but employing basic password security practices will go a long way in keeping users secure. This means using long, randomly generated passwords that are unique to every single account and contain lower and uppercase letters, digits and symbols. Simple solutions like password managers also kill two birds with one stone, as they can be used to both generate and store unique passwords for every log-in.”
