This comes as a study conducted on behalf of the NCSC by Kantar and OnLineBus found that 15% of Brits are using their pet’s name as a password to protect their online accounts – with family members’ names, significant dates, favorite sports teams and the word “password” also proving popular.
This flies in the face of all consumer cyber hygiene advice and cumulatively leaves millions of accounts exposed. Since the pandemic’s start, the average person has created up to six new online accounts, so the scale of the problem is almost certainly growing.
“We may be a nation of animal lovers, but using your pet’s name as a password could make you an easy target for callous cybercriminals,” said the NCSC’s policy and comms director, Nicola Hudson.
“I would urge everybody to visit cyberaware.gov.uk and follow our guidance on setting secure passwords,” she said.
“You can even use our Cyber Action Plan tool to generate tailored, free-of-charge advice to improve your security against online attacks,” said Hudson.
Weak passwords can, of course, be quickly and easily guessed by a malicious actor using simple trial-and-error techniques. The NCSC’s current guidance is to use a password made up of three random words that are not meaningful to you and have no relationship to one another.
As an example, Brimstone, Moscow, Daffodil would be acceptable. However, a password containing the names of Friends characters Ross, Phoebe, and Monica is still easily linked and ill-advised, particularly if a malicious actor has established you’re a fan of the show.
It is imperative to create a strong and entirely separate password for your primary email account. If this is compromised, it becomes easy for an attacker to compromise other services you use and take over online banking or social media.
Storing passwords in your web browser or paying for a password vault service are both quite reasonable means of managing your passwords. Some people prefer to write them down on paper, which can be acceptable in some circumstances but requires you to assess and accept some level of offline risk.
Proofpoint international cyber security strategist Adenike Cosgrove said that the human desire for convenience and the difficulty of remembering complex passwords mean that this kind of problem would persist without fundamental change.
“As we look ahead, there is the potential that security advice will be to move away from passwords altogether,” she said. “We have already seen a rise in methods such as facial recognition and other biometric authentication forms in use in place of the traditional password.
“This shift may be essential because although technical vulnerabilities may be harder to exploit in the future, humans are already and will remain the most targeted link in cyber security, with the most tech-savvy individuals vulnerable to increasingly personalized and complex attacks. Relying on passwords may be a thing of the past.”