The security group Rapid7 has released a new report that may prompt some alarm from web users who are heedless when it comes to choosing their online passwords.
Instead of looking at the passwords that internet users are the most likely to pick, the group took a different route and examined the passwords that cybercriminals are actually trying to use to hack into a number of systems, including POS systems, kiosks, and computers.
Rapid7's study found that a majority of the top passwords used by cybercriminals to break into systems are incredibly simple, which shows that most internet users are using passwords that are neither diverse nor complicated enough. Some examples from the report include the passwords 'admin', 'x', 'Zz' and '1'.
The easiest way to gain access to a user's or business's system is by guessing passwords. The software used by hackers will often try the most common passwords first. If a weak password is used across multiple accounts, cybercriminals will easily be able to gain access to many of a user's accounts.
Rapid7 set up a number of 'honeypots' in the form of websites that appeared as their normal counterparts, but were actually set up to entice cybercriminals into attempting to access them. The study ran for a total of 12 months, and the honeypots recorded a total of 221,203 different log-in attempts that came from 5076 devices. The attempts originated from 119 different countries, and 1806 different usernames and 3969 passwords were used. Cybercriminals made around 662 login attempts each day.
The top 10 most guessed passwords from Rapid7's report were x, Zz, St@rt123, 1, P@ssw0rd, bl4ck4ndwhite, admin, alex, …...., and administrator.
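To show how totals like these come out of honeypot data, the following added example (not Rapid7's code) tallies a constructed log and checks a proposed password against what attackers tried. The log format, the sample values and the function names are assumptions, and distinct source addresses stand in for devices.

```python
from collections import Counter
from datetime import datetime

# Constructed sample (tab-separated): timestamp, source IP, country, username, password.
# The log format and every value below are invented for this example.
SAMPLE_LOG = "\n".join([
    "2015-03-01T02:14:07\t203.0.113.5\tAA\tadministrator\tx",
    "2015-03-01T02:14:09\t203.0.113.5\tAA\tadministrator\tZz",
    "2015-03-01T09:30:41\t198.51.100.23\tBB\tadmin\tP@ssw0rd",
    "2015-03-02T11:02:13\t198.51.100.23\tBB\tpos\tx",
    "2015-03-02T23:59:59\t192.0.2.77\tAA\talex\talex",
    "truncated line without enough fields",
    "2015-03-04T00:00:01\t192.0.2.77\tAA\tadmin\tx",
])


def summarize(log_text):
    """Aggregate login attempts into the kind of totals quoted above."""
    sources, countries, users, days = set(), set(), set(), set()
    passwords, skipped = Counter(), 0
    for line in log_text.splitlines():
        fields = line.split("\t")
        try:
            stamp, ip, country, user, password = fields
            day = datetime.fromisoformat(stamp).date()
        except ValueError:  # wrong field count or unparseable timestamp
            skipped += 1
            continue
        days.add(day)
        sources.add(ip)
        countries.add(country)
        users.add(user)
        passwords[password] += 1
    attempts = sum(passwords.values())
    # Inclusive span from first to last observed day, so quiet days still count.
    span = (max(days) - min(days)).days + 1 if days else 0
    return {
        "attempts": attempts,
        "devices": len(sources),  # assumption: one source address per device
        "countries": len(countries),
        "usernames": len(users),
        "passwords": passwords,
        "per_day": attempts / span if span else 0.0,
        "skipped": skipped,
    }


def seen_in_attacks(candidate, summary):
    """True if a proposed password is one that was tried against the honeypot."""
    return candidate in summary["passwords"]
```

A password-change form can call `seen_in_attacks` to reject any password that already appears in the observed guesses.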
If you or anyone you know is using a weak password or the same password across multiple accounts, now is the time to get your passwords in order.