Western Australia is known for many things. But thanks to a recent security audit, its government has now become synonymous with lazy passwords.
You know, the kinds that get hacked in the blink of an eye.
According to the Western Australian Auditor General’s Report, which you can read in its entirety here, insecure passwords abound across the Western Australian government’s 17 agencies. The report found that 26% of government officials had weak, common passwords.
Yes, you heard that right. More than 5,000 passwords actually included the word “password,” nearly 13,000 used some variation of the season and/or date, and another 7,000 used a version of “123.”
The 10 most common passwords within the government’s agencies, based on the audit:
- Password123 (1,464 instances)
- Project10 (994 instances)
- support (866 instances)
- password1 (813 instances)
- October2017 (226 instances)
- Monday01 (225 instances)
- Spring17 (198 instances)
- Sunday01 (188 instances)
- password (184 instances; we kid you not)
- abcd1234 (176 instances)
Keep in mind that many of the accounts in the audit were used to access critical systems and other information needed to keep the Western Australian government up and running. One auditor was even able to access an agency’s network with full administrator capabilities by simply guessing the password “Summer123,” according to the Washington Post.
This may all sound pretty laughable. But in a cybersecurity landscape where 63% of data breaches come from insecure passwords, “Password123” is a serious matter.
Why weak passwords matter
In today’s digital world, hackers have more access points than ever before. And as organizations implement new security strategies, cyber criminals are quickly adjusting—and continuing to wreak havoc.
By 2021, cyberattacks will cost an astounding $6 trillion globally. To ward off these dangerous attacks, global corporations are spending $80 billion on cybersecurity annually. Yet passwords remain a critical point of vulnerability for many organizations and systems.
Research shows that 3 in 4 online users use the same password across all their accounts. Nearly 1 in 2 web users haven’t changed their password in more than 5 years. Given these statistics, it’s no surprise that 40% of industrial computers were hacked in 2016—and hackers know that weak passwords are their golden ticket in. More than 90% of attackers go for user credentials when trying to enter company systems.
That makes passwords like, well, “password” a major security risk.
The right kind of passwords
It’s obvious that “Password123” isn’t up to par, especially in a cybersecurity landscape where hackers are getting smarter by the day. But it’s no longer enough to simply switch up your password with the season or use a different family member’s birth date.
If you want to keep your accounts secure, complex passwords are the name of the game. Here are a few quick tips on selecting smarter passwords:
- Avoid the most commonly used passwords: 12345 (and 123456), password and qwerty should each be a no-go if you’re serious about keeping your system safe from hackers.
- Use a different password for each account: The majority of users select the same password for all their accounts. Switch it up so that if one account does get hacked, the others don’t fall with it like dominos.
- Make your password complex: Go beyond the typical 8-character minimum, and take your complexity a step further by adding symbols or numbers. There are also plenty of auto-generators online that will take the guesswork out of creating a complex password.
- Authenticate, authenticate, authenticate: Using 2-factor authentication (2FA) results in better security for 86% of people who adopt this strategy.
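For administrators, the first and third tips can be enforced when a password is set. The sketch below is an added example, not code from the audit or from this article's author: it screens a candidate against the audit's top 10 and the pattern categories the report describes. The word lists, the character-swap table and the function name `audit_findings` are assumptions made for illustration.

```python
import re

# The ten most common passwords listed in the audit summary above, lower-cased.
AUDIT_TOP10 = {
    "password123", "project10", "support", "password1", "october2017",
    "monday01", "spring17", "sunday01", "password", "abcd1234",
}

# Calendar words for the "season and/or date" category (word lists are an assumption).
CALENDAR_WORDS = (
    "spring|summer|autumn|fall|winter|"
    "january|february|march|april|may|june|july|august|"
    "september|october|november|december|"
    "monday|tuesday|wednesday|thursday|friday|saturday|sunday"
)
# Whole password is a calendar word followed by 1-4 digits, e.g. Summer123.
CALENDAR_RE = re.compile(rf"(?:{CALENDAR_WORDS})\W*\d{{1,4}}\W*")

# Undo common character swaps before looking for "password" (assumed mapping).
SWAPS = str.maketrans("@0$3", "aose")

# Keyboard or counting runs named in the article.
SEQUENCES = ("123", "abcd", "qwerty")


def audit_findings(candidate: str) -> list[str]:
    """Return the reasons a candidate password would be rejected (empty = OK)."""
    lowered = candidate.lower()
    findings = []
    if lowered in AUDIT_TOP10:
        findings.append("in audit top 10")
    if "password" in lowered.translate(SWAPS):
        findings.append("contains 'password'")
    if CALENDAR_RE.fullmatch(lowered):
        findings.append("calendar word plus digits")
    if any(seq in lowered for seq in SEQUENCES):
        findings.append("common sequence")
    if len(candidate) <= 8:
        findings.append("8 characters or fewer")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs; the last one is a made-up passphrase.
    for pw in ("Password123", "Summer123", "P@ssw0rd2018!", "vivid-Quokka-ferry-92-lantern"):
        print(f"{pw!r}: {audit_findings(pw) or 'accepted'}")
```

A screen like this only catches the patterns it knows about, so it complements a unique password per account and 2FA rather than replacing them.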
And it goes without saying that if there is a breach—or in the case of the Western Australian government, a publicly published password audit—it’s time to switch up your passwords across the board. (We’re looking at you, “Password123” users.)
Luckily, the officials in Western Australia are now implementing measures to help their employees get more savvy on cybersecurity. With the right password practices and an expert partner, your organization can also avoid the serious repercussions of a security breach.