Our apologies, but if you’re using your favorite band in your password, it’s time to turn around and try something else.
In honor of the 2021 Grammys, Specops Software has released a new analysis of over 800 million compromised passwords to find which top-selling musical artists appear in them most often. Top of the list? It’s REM.
The analysis pulled any entry in Specops’s compromised password database that contained an artist or band name from Wikipedia’s list of top-selling musical artists. It is possible that some of the matches, like REM, are part of other words, or that names like Chicago, the Eagles and Pink refer to the city, the animal or the football team, or the colour.
That said, this is an entertaining glimpse of a common problem: passwords are frequently reused, and popular passwords that are already compromised let attackers easily gain access to otherwise secure networks.
“This password data post is fun and continues to highlight how we humans choose our passwords. We’re pretty predictable, and hackers know it, which is why it’s important to block the use of known compromised passwords,” said Darren James, Product Specialist with Specops Software.
In total, the 20 artists included in the list are:
- Kiss
- Jay Z
- AC DC
If you could turn back time, you probably wouldn’t give hackers a chance to start the party. If not, it’s probably already too late, so it’s best to see the sign of the times: you can be a gamer but don’t be a fool with your online safety. Here are some ways to avoid the risks of bad passwords.
Use a password manager
Password managers are usually protected by a master password, and behind that single login are all of your (hopefully unique) passwords for online accounts. Many password managers even auto-fill logins and suggest unique, random passwords that are nearly impossible to guess or brute-force.
Don’t write it down
Storing passwords in a secure app is one thing, but you should never store passwords on paper, in plain text documents, or other easily accessible records.
Enable multi-factor authentication whenever possible
Multi-factor authentication involves the use of additional identity verification when signing in to an account. The security of these different forms varies, but the use of a one-time code, physical security device, biometric data, or other additional factors can go a long way in securing an account.
IT: Audit passwords
IT security professionals must take an adversarial approach to password security by auditing users’ passwords with tools like John the Ripper or other software designed to crack passwords. Users whose passwords are cracked should be forced to change them and trained in password hygiene.
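A complementary preventive control, shown as an added example that is not from Specops or the original article: a Python check that rejects a new password if it is on a compromised list or, after normalization, contains a banned term such as an artist name. The term list, compromised list, leetspeak map and sample passwords are constructed for illustration; short terms like "rem" only match as whole tokens, which avoids the "part of other words" false positives noted earlier.

```python
import re

# Constructed sample data; a real deployment loads vetted lists and compares
# hashes rather than keeping plaintext compromised passwords in memory.
BANNED_TERMS = {"rem", "pink", "eagles", "chicago", "jay z", "ac dc"}
COMPROMISED = {"metallica1", "password123"}

# Assumed leetspeak substitutions; extend to match local policy.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_SUBSTRING_LEN = 4  # shorter terms ("rem") must match a whole token


def variants(text):
    """Yield (squashed, tokens) for the raw and de-leeted lowercase forms."""
    lowered = text.lower()
    for form in (lowered, lowered.translate(LEET)):
        tokens = [t for t in re.split(r"[^a-z]+", form) if t]
        yield "".join(tokens), tokens


def check_password(candidate):
    """Return (allowed, reason); reason names the rule that rejected it."""
    if candidate.lower() in COMPROMISED:
        return False, "compromised"
    forms = list(variants(candidate))
    for term in sorted(BANNED_TERMS):
        key = re.sub(r"[^a-z]", "", term.lower())  # "ac dc" -> "acdc"
        for squashed, tokens in forms:
            if len(key) >= MIN_SUBSTRING_LEN:
                hit = key in squashed  # long term: match anywhere
            else:
                hit = key in tokens    # short term: avoid "premium" -> "rem"
            if hit:
                return False, "contains:" + term
    return True, "ok"


if __name__ == "__main__":
    for pw in ["Metallica1", "REM2021", "premium-Coffee!", "P1nkFloyd!",
               "AC-DC4ever", "correct horse battery staple"]:
        print(pw, check_password(pw))
```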
Learn good password hygiene
It’s easier said than done, but there are plenty of tips you can use to make your passwords harder to guess:
- Never reuse passwords: Breaches are common, and passwords can easily be linked to usernames on other sites.
- Use long sentences as passwords: Instead of a single word with special characters, use a whole sentence or obscure lyrics rather than an artist’s name.
- Let password managers automatically generate passwords
- Beware of secret questions: Social media and a little investigative work make the answers easy to guess when they are tied to personal details. If you can’t skip them, make your answers long and complex, just like a good password.