Despite technology leaders working towards a secure passwordless future, Superscript’s latest study discovered that almost a third* of Brits still believe passwords to be the most practical and secure form of defence against cybercriminals.
With widespread bad password habits also leaving Brits more vulnerable to a successful attack:
- 34% have changed a secure and ‘strong’ password to a weaker but more memorable one i.e., low character count, not complex enough, or doesn’t include numbers and symbols
- 31% have shared their passwords with others
- 26% only use 2 – 3 passwords for all their logins
- 17% did not change their password immediately when notified that it had been compromised
The issue of passwords is further heightened with children’s names**, found by Superscript to be people’s top inspiration for their login credentials. At first, using memorable names might seem harmless, until you estimate how long it would take for the most popular children’s names*** to be hacked:
Girls names:
| Names | Possibilities | Lowercase letters only | At least one uppercase letter | At least one uppercase letter and number | At least one uppercase letter, number and symbol |
| Mia | 96 | Instantly | Instantly | Instantly | Instantly |
| Ava | 192 | Instantly | Instantly | Instantly | Instantly |
| Lily | 600 | Instantly | Instantly | Instantly | Instantly |
| Isla | 800 | Instantly | Instantly | Instantly | Instantly |
| Emily | 2520 | Instantly | Instantly | Instantly | Instantly |
| Grace | 4200 | Instantly | Instantly | Instantly | Instantly |
| Sophia | 11520 | Instantly | Instantly | Instantly | Instantly |
| Olivia | 15360 | Instantly | Instantly | Instantly | Instantly |
| Amelia | 26880 | Instantly | Instantly | Instantly | Instantly |
| Isabella | 1344000 | Instantly | 22 minutes | 1 hour | 8 hours |
Boys names:
| Names | Possibilities | Lowercase letters only | At least one uppercase letter | At least one uppercase letter and number | At least one uppercase letter, number and symbol |
| Leo | 280 | Instantly | Instantly | Instantly | Instantly |
| Jack | 480 | Instantly | Instantly | Instantly | Instantly |
| Noah | 1152 | Instantly | Instantly | Instantly | Instantly |
| Harry | 3600 | Instantly | Instantly | Instantly | Instantly |
| Jacob | 7680 | Instantly | Instantly | Instantly | Instantly |
| Oscar | 8000 | Instantly | Instantly | Instantly | Instantly |
| Oliver | 16800 | Instantly | Instantly | Instantly | Instantly |
| George | 17640 | Instantly | Instantly | Instantly | Instantly |
| Muhammad | 62208 | Instantly | 22 minutes | 1 hour | 8 hours |
| Charlie | 84000 | Instantly | Instantly | 1 minute | 2 minute |
Estimate hack time using Hive Systems table
The ease for cybercriminals to hack these popular children’s names of varying lengths and complexity illustrates the importance of thinking twice about password influences and cybersecurity preferences.
Jamie Akhtar, CEO and co-founder of CyberSmart said: “Cybercriminals often rely on our lax attitudes towards security to carry out their malicious schemes. Think twice about what you share online, and be attentive of how many people might know the information you use as the basis for your passwords. Better yet, consider using a password manager, which can help create unique passwords, and remember them for you.
For so long as passwords remain a staple in cybersecurity, we need to ensure that we are taking the necessary steps to make them as secure as possible. With so much of our lives already online, it is critical that we do not take for granted our personal security.”
Microsoft rolled out passwordless logins to businesses and the public in 2021, with Google and Apple widely expected to follow suit soon, yet when it comes to secure login preferences Superscript found that only 7% would choose device recognition, 8% token and 17% multi-factor authentication – a measure that 2 in 5 actually deemed an inconvenience. Whilst 29% opted for passwords.
Cameron Shearer, Co-Founder & CEO at Superscript commented, “Even as cybersecurity and technology continue to advance, we shouldn’t underestimate the role people play. Our preferences, poor adoption, and complacency can be the difference in the protection provided. Humans are still a source of vulnerability, further emphasised by social engineering scams found by the Government Security Breaches survey 2022 to be the most popular form of cyber-attack.
Unfortunately, we can all make mistakes. So, it’s worth being cautious and making sure you are protected where possible, especially as our devices have become a ‘one-stop-shop’ for every element of our lives: from capturing time with loved ones, entertainment, and health and wellbeing, to financial management, life admin, and work. Which, in some cases, are entrepreneurial passion projects.”
For more information on this research, including details of password selection habits and the risks this poses, please visit gosuperscript.com.