Want to hack into somebody's account?*
Here's how you do it: type in the name Bella.
It's statistically likely to work. Often.
- It's the most popular name for both dogs and cats (in the US, at any rate, while "Charlie" is big for UK pets), and
- Pet names are the most common passwords.
No, seriously? We're using Fido and Binky and Fluffy as passwords? Oh, my head.
This news comes from Google Apps, discovered recently when it commissioned a survey of 2,000 Brits.
Here are the Top 10 most common passwords, according to Google Apps' survey:
- Pet’s name
- Significant dates (e.g. wedding anniversary)
- Date of birth of close relation
- Child’s name
- Other family member’s name
- Place of birth
- Favourite holiday
- Something related to favourite football team
- Current partner’s name
- The word "Password"
The company put out a statement with a slew of other depressing, albeit unsurprising, password head-bangers.
- 67% of us only change passwords when we have to.
- 21%, or one in 5, people admit to having clicked on spam links over the past year.
- 3% of those surveyed write down passwords on a Post-It note that they then glued around their desks.
- 48% share passwords with others like so many germ-saturated hankies.
- Only 41% of respondents updated their antivirus software this year.
- 19% have walked off and left their computer without logging out of a service.
- 15% of Brits admitted to peeking into their partner's emails, thanks, one assumes, to their partners having sashayed away without logging out.
Eran Feigenbaum, Director of Security, Google Apps, said this about the sashaying-away finding:
“People often leave their information open to online security breaches without even realizing it. Lax attitudes to online security can lead to serious consequences if strangers access your information.”
The steps he recommended for making passwords less entirely-super-easily-guessable-by-anybody-on-the-planet are simple:
- Choose more complicated passwords.
- Always log out of services.
- Consider using two-factor authentication.
Back in the bad old days, before I discovered the joy of password management software (thank goodness for LastPass! Or KeePass, or 1Password), I too would, on occasion, use my cat's name as a password.
But, influenced by the magical password-convolution technique, I switched to using my cat's full name - or, rather, as many characters of my cat's full name that a given site would digest without regurgitating a "too many characters" message.
That's a passphrase rather than a password.
If you're reading news on a security site, you likely don't use "Bella" or "password" as a password, but you most assuredly know people who do.
Talk them out of it. Talk them out of passphrases, too, no matter how unique.
Complicated passphrases still have to be remembered, lest they get repeated between sites. A crook who cracks one has cracked them all, in the case of password reuse.
Talk your pet name-using acquaintances into password management software so they don't have to concoct their own hard-to-guess passwords or passphrases and don't feel the need to scribble down elaborate phrases.
Then, when you find them walking away without logging out, use all those Post-Its to plaster their screen with tsk-tsk messages.
(*Don't hack into anybody's account. It's not nice and it's illegal.)