On the World Password Day this year, network and endpoint security firm Sophos has released a report which says that ‘123456’ was the most attempted login password in the Mumbai cloud server honeypot. ‘123456’ was also the top password globally with 15,785 login attempts.
The report titled ‘Exposed: Cyberattacks on Cloud Honeypots’ reveals that over 1,376 login attempts were made by cyberattackers on the server within a period of 30 days.Sophos set up the honeypots in 10 different Amazon Web Services (AWS) data centers worldwide including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a period of 30 days.
The ‘123456’ password was followed by ‘1234’, which was attempted over 1,335 times by cyberattackers in the Mumbai cloud server. The third most attempted login password was ‘Admin’ with close to 1,156 logins and at the fourth position was ‘Ubnt’ with 912 logins. The password ‘12345’ took the fifth spot with over 761 login attempts.
Globally, ‘Admin’ and ‘1234’ are the second and third top passwords with 12,605 and 9,583 login attempts respectively. The fourth top password globally was ‘password’ with 9,034 login attempts and ‘12345’ at the fifth position saw 7,145 login attempts.
A study by UK’s National Cyber Security Centre (NCSC) also reveals that ‘123456’ appeared in more than 23 million passwords. The second-most popular string was ‘123456789’, while others in the top five included ‘qwerty’, ‘password’ and ‘1111111’.
However, users are recommended to change simple passwords as it gets easier for cyber-criminals to launch a phishing attack to get their hands one’s digital life. For World Password Day, Google has setup a quiz to check a user’s phishing-detection skills.
To avoid phishing attacks, one is recommended not to reuse passwords, keep passwords strong and unique, use password manager, and enable two-factor authentication wherever possible.“Passwords are an important aspect of computer security – they are the front line of protection for user accounts in a very wide variety of services and systems. Unfortunately, people are not changing factory default passwords, which cybercriminals are counting on to carry out their attacks.
Building strong, unique passwords and using a password manager to keep track of them is a best security practice everyone should use in this digital age,” said Sunil Sharma, managing director sales, Sophos India & SAARC in a press statement.