POSTED: March 3, 2022
Passwords remain a source of contention, partly because nobody has yet found a method for replacing them that does not have at least as many potential problems. The use of biometrics, for example, has fundamental issues beyond the obvious ones concerning civil liberties. If a password I use gets hacked or stolen, I can change it. If I only use it on one site, I do not have a more general problem. If all my sites use fingerprints or retinal scans, then once those have been stolen, logged and stored, I have a widespread and possibly permanent problem.
From The Register today:
In a report released today, SpyCloud researchers found that despite the growing sophistication of bad actors and the headlines surrounding cyberattacks, many users continue to use poor hygiene when it comes to passwords, including using the same or similar passwords for multiple accounts or weak or common passwords.
In addition, more than two-thirds of passwords that have been breached in previous years are still in use, according to the 2022 SpyCloud Identity Exposure Report.
The company found that 64 percent of consumers repeat passwords for more than one account and 70 percent of passwords that have been compromised are still in use.
The data in SpyCloud’s report dovetails with what other cybersecurity vendors are seeing. Lookout recently published a list of the passwords that are most commonly found on the dark web, with the top four being 123456, 123456789, Qwerty and Password.
You can download the SpyCloud report from here. Warning: it requires you to give your details before downloading, so your inbox might hear from them later, and then later again, and so on.