The Authlogics Password Breach Database has once again revealed the weaknesses in people’s account security, this time shining a light on the effect the Olympics have had on people’s password choices. With the Olympics in full swing, it is clear that sports have been at the top of people’s minds, although when it comes to securing digital identity this can pose a massive danger.
An analysis of the 1 billion unique clear text passwords has shown that the games have influenced passwords from users everywhere, with over one million associated with 15 Olympic sports. Some of the most popular variations include: ‘Baseball’, which was used 293,318 times, ‘Soccer’, of which there are 290,501 instances and ‘Basketball’ which was chosen on 183,870 occasions. Additionally, people were inclined towards using ‘Tennis’, ‘Softball’, ‘Volleyball’ and ‘Swimming’ when coming up with a new password for their account.
As fun and creative as these words may seem, they are a problem for enterprises and individuals alike: an attacker will have little trouble guessing them, because dictionary words and sports terms sit near the top of every cracking wordlist. Ultimately, passwords are inherently flawed. If a threat actor's aim is to break into an account or network and steal sensitive information, the employees of an organisation are usually the easiest way in. An attacker only has to read a target's public social media profiles to learn their interests and hobbies and feed those into a guessing list. Unfortunately, many people are predictable enough to base their passwords on exactly those interests, and the breach database has shown, once again, that this is the case with the Tokyo Olympics.
To make matters worse, a 2019 study found that 13% of people reuse one password across all of their accounts. If an attacker can guess someone's password from the sports they like, every account that shares it is at risk. This is why organisations should take an active role in their staff's password security: one compromised account is enough to expose sensitive data.
Companies should make sure to follow these best-practices throughout all levels of their business:
- Pattern-based authentication: A secret that is a pattern rather than a word is harder to guess, provided the pattern is random and personal to the user. Keyboard walks such as 'qwerty' or '1qaz2wsx' are patterns too, and they are among the first guesses any attacker tries.
- Symbols and length: Policies commonly require a mix of upper- and lower-case letters, numbers and symbols, and that matters most when a user insists on keeping their favourite team or sport in the password. Be aware, though, that swapping digits for letters, turning 'Topgolf-123' into 'T0pg0lf123', adds very little: cracking tools apply these substitutions automatically, so the secret is still the word 'topgolf'. Length and unpredictability count for far more than character substitutions; a long passphrase, or a random string generated by a password manager, is a better choice.
- Avoid password reuse. It makes passwords harder to remember, but it goes a long way towards limiting the damage should an account be breached. A password manager is a good way to store and recall a different password for every account.
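The three points above can be enforced at the moment a user chooses a password. The following is an added example, not code from the article or from Authlogics: a small policy checker that undoes the digit-for-letter substitutions a cracking rule set would try, then tests the remaining word against a sport-word list and a breached-password set. Both data sets here are tiny constructed stand-ins, and the function names (`normalize`, `check_password`) are my own; a real deployment would query a full breach corpus instead of the hard-coded hashes.

```python
import hashlib
import re

# Constructed sample data (not the Authlogics database): a few of the sport
# words the article names, used as a stand-in dictionary.
SPORT_WORDS = {
    "baseball", "soccer", "basketball", "tennis",
    "softball", "volleyball", "swimming", "topgolf",
}

# Hypothetical breached-password corpus. Only SHA-1 digests are kept so the
# checker never holds the clear-text list; the source strings are constructed.
_BREACHED_CLEARTEXT = ["Topgolf-123", "Soccer2021", "password", "baseball1"]
BREACHED_SHA1 = {hashlib.sha1(p.encode("utf-8")).hexdigest() for p in _BREACHED_CLEARTEXT}

# Common "leet" substitutions; cracking rule sets undo these in a single pass.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
    "7": "t", "@": "a", "$": "s", "!": "i",
})


def normalize(password: str) -> str:
    """Reduce a password to the dictionary word an attacker would guess:
    lower-case it, strip leading/trailing digits and symbols (the '-123',
    '2021' and '!' decorations), then map leet characters back to letters."""
    base = password.lower()
    base = re.sub(r"[^a-z]+$", "", base)   # drop trailing digits/symbols
    base = re.sub(r"^[^a-z]+", "", base)   # drop leading digits/symbols
    return base.translate(LEET)


def check_password(password: str, min_length: int = 12) -> list[str]:
    """Return the list of policy findings; an empty list means it passed."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest()
    if digest in BREACHED_SHA1:
        findings.append("appears in the breached-password set")
    core = normalize(password)
    if core in SPORT_WORDS:
        findings.append(
            f"built on the dictionary word '{core}' (leet/suffix mangling removed)"
        )
    return findings


if __name__ == "__main__":
    for candidate in ["Topgolf-123", "T0pg0lf123", "B4seb4ll!!2021",
                      "correct horse battery staple"]:
        result = check_password(candidate) or ["ok"]
        print(f"{candidate!r}: {', '.join(result)}")
```

The point of `normalize` is that 'T0pg0lf123' and 'Topgolf-123' collapse to the same word, so the checker treats them as equally weak; only the passphrase passes.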
As seen with the attack on Colonial Pipeline, where a single compromised VPN password on an account without multi-factor authentication gave the intruders their initial foothold, password security is not only a crucial part of securing accounts and digital identity, but also of protecting a company against larger attacks, such as ransomware. Until passwordless authentication becomes a reality, users should be smart about their password choices and not allow a large sporting event to become the key to their accounts.