123456: The Password Predicament


It's 2023; who is still using this password?

The reality of our digital landscape is that "123456" has earned the dubious distinction of being the most commonly employed password in 2022/2023.

Top 10 Most Common Passwords - Source [Password Manager]

#1 [123456]

#2 [123456789]

#3 [qwerty]

#4 [password]

#5 [12345]

#6 [12345678]

#7 [111111]

#8 [1234567]

#9 [123123]

#10 [1234567890]


Why would anyone still be using a password such as this?

The answer is open-ended and can be any combination of the reasons below. Keep in mind that it is not limited to these.

  • The account is shared among multiple users, who chose a simple password for convenience.

  • The default password to a product or tool did not require a reset upon first login and it was never addressed.

  • It holds sentimental meaning to the individual, making it difficult to shift away after utilizing it for so long.

  • The system the account is utilized for does not enforce strong passwords.

  • The individual sits in a seat of authority within the organization allowing them sway over baseline standards.

  • Remembering multiple passwords can feel overwhelming.

  • Password fatigue from managing multiple passwords or authenticating often has led the user to fall back on a simple password.

  • Lack of education on password hygiene and updated standards.

How do we shift towards better passwords?

You can find hundreds of articles on the internet providing this information. Below you will see varying renditions of articles explaining proper password etiquette.

Instead of revisiting the details covered in those articles, let's approach the topic from a different angle. Most of those articles target the individual; their guidance can be carried over to an organization, but…

Organizations should be the proactive driving force in password etiquette.

While organizations should put their trust in users, they will only be as proactive as the organization enables them to be. Organizations should look to password etiquette as one of the pillars of identity management and encapsulate it within multiple systems.

  • Organizations are encouraged to proactively involve their users in annual training sessions. Such training not only covers essential fundamentals but also ensures that best practices remain at the forefront of their day-to-day activities.

  • In the digital era, service accounts have proliferated to seamlessly interconnect various cloud platforms. Password vaults play a crucial role by enabling accounts to employ unique and highly intricate passwords, distancing them significantly from everyday passwords.

  • Organizations are advised to implement an identity management solution, establishing a standardized set of password requirements that users must meet to fulfill the organization's deemed acceptable minimum.

  • While MFA traditionally serves as a secondary identifier, its potential as a primary form of authentication becomes apparent once specific criteria are satisfied. By doing so, users can avoid the fatigue associated with frequent authentication using complex passwords.

  • Whether it's encouraging users to embrace passphrases for their credentials or contemplating the complete elimination of passwords, the password landscape is undergoing a transformation. Staying attuned to these evolving trends will position your organization to seamlessly adopt new methodologies.
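As an added example that is not part of the original post: the baseline enforcement described above (a standardized minimum that the identity system checks, not one the user is trusted to remember) can be a small policy check run at password set or reset time. The denylist is seeded with the post's own top-ten list; the minimum length, the leetspeak folding, the repeat-run limit and the account-name rule are assumptions chosen for illustration, not standards the post prescribes.

```python
"""Baseline password-policy check of the kind an identity management
solution would run when a user sets or resets a password.

Added example. MIN_LENGTH, MAX_REPEAT_RUN and the leetspeak folding are
illustrative assumptions, not a standard the post prescribes.
"""
import re
import unicodedata

# The post's "Top 10 Most Common Passwords" list, used as the seed of a
# denylist. A real deployment would load a large breached-password corpus.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "12345",
    "12345678", "111111", "1234567", "123123", "1234567890",
}

MIN_LENGTH = 12       # assumption: the organisation's chosen minimum
MAX_REPEAT_RUN = 3    # assumption: reject runs longer than this ("aaaa")

# Common digit/symbol substitutions folded back to letters so that a
# "P4ssw0rd"-style variant still matches the denylist entry "password".
LEET = str.maketrans("@$0431", "asoael")


def denylist_hits(candidate: str) -> bool:
    """True if the password, or a trivially decorated variant of it,
    is on the common-password list.

    Variants checked: lower-cased; with trailing digits/punctuation
    removed ("qwerty123" -> "qwerty"); and with leetspeak folded after
    that removal ("P@ssw0rd2023!" -> "p@ssw0rd" -> "password").
    """
    lower = unicodedata.normalize("NFKC", candidate).lower()
    variants = {lower, lower.translate(LEET)}
    stripped = re.sub(r"[\d\W_]+$", "", lower)
    if stripped:  # all-digit passwords strip to "", keep the raw form only
        variants.add(stripped)
        variants.add(stripped.translate(LEET))
    return any(v in COMMON_PASSWORDS for v in variants)


def check_password(candidate: str, username: str = "") -> list[str]:
    """Return the list of policy failures; an empty list means accepted."""
    failures = []
    if len(candidate) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    if denylist_hits(candidate):
        failures.append("matches a commonly used password")
    if re.search(rf"(.)\1{{{MAX_REPEAT_RUN},}}", candidate):
        failures.append(f"repeats a character more than {MAX_REPEAT_RUN} times")
    if username and username.lower() in candidate.lower():
        failures.append("contains the account name")
    return failures


if __name__ == "__main__":
    # Constructed sample inputs, not data from the post.
    for pw, user in [("123456", ""), ("P@ssw0rd2023!", ""),
                     ("jdoe-Winter-2024", "jdoe"),
                     ("correct horse battery staple", "")]:
        result = check_password(pw, user)
        print(f"{pw!r}: {'accepted' if not result else '; '.join(result)}")
```

The check deliberately reports every failing rule rather than stopping at the first, so the user sees in one round-trip why a password was rejected; the folding step is what turns a ten-entry list into protection against the "password" family of decorated variants that a plain string comparison would miss.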

Do we believe there is a best policy?

While it would be convenient to have a one-size-fits-all policy, the reality is that each organization is inherently unique, characterized by distinct layers of workflows and processes. While the universal goal is to secure accounts, the definition of "secured" is inherently contextual and dependent on the specific circumstances of your organization. Embracing this individuality allows for a tailored approach to security that aligns seamlessly with your unique operational landscape and mitigates potential vulnerabilities effectively.

Looking for more insight? Let's chat about it!
