Copyright forbes

Change all these passwords now. Take a moment and be honest with yourself. Are your passwords a disaster waiting to happen? When did you last consider whether to change any of them? How many pet, band or kids’ names do you use? Are you a hacker’s dream?

On your personal accounts this is serious enough. At work it is so much worse. And while Microsoft and others warn that multi-factor authentication (MFA) stops 99% of password attacks that would otherwise succeed, countless organizations still don’t mandate MFA.

If ever there was a wake-up call for employees to change their passwords, it’s this: “For the first time,” says NordPass, “we looked at passwords used by public sector employees. Leaks and breaches in the public sector are particularly dangerous. They don’t affect just the organization but can threaten the security of citizens at large.”

NordPass matched passwords to email addresses on public sector domains. “Based on the findings, thousands of data points belonging to public sector employees in six countries, including email addresses, first and last names, phone numbers, and other personally identifiable information, have been exposed since the beginning of 2024.”

Compromised data was linked to the U.S. Department of Defense and Department of State, as well as the U.K. Ministry of Justice (responsible for prisons), Home Office (responsible for policing), Ministry of Defence, and HMRC, the U.K.’s equivalent of the IRS.

If your work systems — including email — mandate MFA, you can relax a little. You still need strong passwords, but you haven’t left your key in the lock. Many systems, though, do not. All a hacker needs to get into your employer’s systems is your credentials, and that can be the initial entry point for a serious ransomware attack.
New advice from America’s National Institute of Standards and Technology (NIST) is something of a game-changer when it comes to selecting good passwords. “Humans have a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed.” And past best practice hasn’t helped. You have been told to include numbers, caps and special characters. But, NIST says, “breached password databases reveal that the benefit of such rules is less significant than initially thought, and the impacts on usability and memorability are severe.”

Instead, “password length is a primary factor in characterizing password strength,” with “passwords that are too short yielding to brute-force attacks and dictionary attacks.” You can see this illustrated in research from Hive Systems. Length beats complexity.

Unfortunately, if your work IT team has opted for complexity, it may not end well, warns NIST. “A user who might have chosen ‘password’ as their password would be relatively likely to choose ‘Password1’ if required to include an uppercase letter and a number or ‘Password1!’ if a symbol is also required.” Long and simple is better.

Helpfully, NordPass also collates an annual list of what bad looks like: the top 25 most common (aka worst) work passwords across all countries. You can find the full list, including breakdowns by country, on NordPass’s website. Suffice to say, if any of your passwords have made that list, stop reading articles online and change them now. Yes, really, now.

[Figure: 25 worst passwords at work]
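To make the NIST point above concrete, here is an added example (not code from the article, NIST or NordPass) that puts a legacy composition rule beside a length-first rule with a blocklist of common passwords and their predictable variants. The 15-character minimum and the six-entry blocklist are this example's assumptions; a real check would load the full published list.

```python
"""Added example: a legacy composition rule next to a NIST-style, length-first rule."""
import re

# Constructed stand-in for a common-password blocklist. The article's NordPass
# list is not reproduced here; a real check would load the full published list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "welcome", "admin", "letmein"}

# Predictable symbol/digit substitutions users make to satisfy composition rules.
LEET = str.maketrans("@01345$7", "aoieasst")


def legacy_policy_ok(pw: str) -> bool:
    """Composition rule of the kind the article criticizes: 8+ characters with an
    upper-case letter, a digit and a symbol. It says nothing about guessability."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def normalize(pw: str) -> str:
    """Undo the edits NIST describes ('password' -> 'Password1' -> 'Password1!'):
    lower-case, drop trailing digits/symbols, then reverse leet substitutions."""
    base = re.sub(r"[^a-z]+$", "", pw.lower())
    return base.translate(LEET)


def nist_style_ok(pw: str, min_len: int = 15) -> bool:
    """Length-first rule: no composition requirements, but reject short passwords
    and anything that is a common password or a trivial variant of one.
    min_len is this example's assumption, not a figure from the article."""
    if len(pw) < min_len:
        return False
    return pw.lower() not in COMMON_PASSWORDS and normalize(pw) not in COMMON_PASSWORDS


def evaluate(candidates):
    """Map each candidate to (passes_legacy, passes_nist_style)."""
    return {pw: (legacy_policy_ok(pw), nist_style_ok(pw)) for pw in candidates}


if __name__ == "__main__":
    # Constructed samples: two 'complex' passwords built on dictionary words,
    # a long simple passphrase, and a long password that is a padded common word.
    samples = ["Password1!", "P@ssw0rd", "a long passphrase about my garden shed",
               "Welcome2024!!!!!"]
    for pw, (legacy, nist) in evaluate(samples).items():
        print(f"{pw!r:42} legacy={legacy!s:5} nist_style={nist}")
```

The 'complex' samples pass the legacy rule and fail the length-first one, while the plain passphrase does the reverse; the padded common word passes on length alone and is caught only by the normalized blocklist check.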