A new study by Custard Technical Services has revealed the most common hacking technique that workers across the UK have experienced over the last year.
The UK-based IT support and security company found that weak passwords were responsible for 82 per cent of workplace security breaches where multi-factor authentication (MFA) systems were not in place. Hackers are constantly attacking the passwords of non-MFA businesses using automated systems.
In November, NordPass published its annual list of the 200 most common passwords being used in 50 countries across the world. Their data revealed that ‘123456’ is the most popular password in 43 of those countries and is being used by 103,170,552 people.
If your password features on the list below, stop what you’re doing and change it immediately - and make it something complex using a mix of numbers, letters and characters.
Top 50 most commonly used passwords of 2021
The full list of the 200 most common passwords for this year is available on the NordPass website.
- 123456
- 123456789
- 12345
- qwerty
- password
- 12345678
- 111111
- 123123
- 1234567890
- 1234567
- qwerty123
- 000000
- 1q2w3e
- aa12345678
- abc123
- password1
- 1234
- qwertyuiop
- 123321
- password123
- 1q2w3e4r5t
- iloveyou
- 654321
- 666666
- 987654321
- 123
- 123456a
- qwe123
- 1q2w3e4r
- 7777777
- 1qaz2wsx
- 123qwe
- zxcvbnm
- 121212
- asdasd
- a123456
- 555555
- dragon
- 112233
- 123123123
- monkey
- 11111111
- qazwsx
- 159753
- asdfghjkl
- 222222
- 1234qwer
- qwerty1
- 123654
- 123abc
How to turn on multi-factor authentication
To turn on multi-factor authentication, go to the security and login section of your device settings and select how you would like to receive your second form of authentication. This can be through a text message or a security key.
Most popular scams
The most common type of scam detected by Custard Technical Services was the cryptoscam, accounting for 72 per cent of the crimes recorded.
A cryptoscam involves a scammer pressuring individuals into transferring money via cryptocurrency, often by threatening to leak material that doesn’t actually exist.
Most cryptocurrency payments are irreversible and generally not protected by the Financial Conduct Authority (FCA). As a result, it is very unlikely that victims of these scams will recover any money lost.
Commenting on the research, Robert Hinds, Security Specialist at Custard Technical Services, said: “Installing an MFA system hugely diminishes the vulnerability of a business by creating a multi-layered security system that requires users to follow several verification steps before gaining access to any resources. This defends from automated software that tries hundreds of thousands of passwords to breach your systems.
“For employees targeted by scammers asking for payments, ignore these emails. The worst thing you can do is respond to the email, as the scammer will know your email is active, so you’ll receive further messages. If possible, don’t open the email as many have tracking attached that detects when you’ve seen it.”
He added: “There’s been a rise in scammers impersonating a colleague or messaging from an email that looks familiar, so call that person or IT whenever you receive a message like this - do not reply to the original email or action whatever they request.”
As soon as cybercriminals obtain credentials, they can attack data continuously without detection, making it almost impossible to determine what information has been compromised.
Custard’s findings show that anyone can fall victim to cybercrime.
The full report is available online from Custard Technical Services.