February 26, 2019
2018 is in the books. With all of the yearly retrospectives that went up on the Internet, we bet there was one that you missed. Did you manage to check out SplashData’s list of the worst passwords of 2018? If you didn’t see it, check it out, and if you see a password that you use on that list, you might want to change it before you finish reading this piece.
SplashData has created a number of password management applications and evaluates information from data breaches in an attempt to figure out which passwords are most commonly used on the Internet. They have published a list for a few years in an attempt both to educate readers and to shame users into choosing a more secure password.
Worst Passwords of 2018…
So what were the worst passwords of 2018? Unfortunately, there has been little change in the Top 10 passwords. Simple phrases like iloveyou, qwerty, sunshine and the ever-popular password were common. Others in this ignominious group are numeric sequences like 111111 and 123456789. In fact, 123456 was the most popular and worst password of 2018.
Other popular passwords include princess, admin, welcome, abc123, football, monkey, charlie and donald. There are also variations of the above entries. SplashData estimates that as many as 10% of Internet users in North America and Western Europe use one of the top 25 passwords, with a whopping 3% of all users using 123456 alone. That is a shocking number.
Strong Passwords Are Better
Why does this matter? Strong passwords are a key component of PCI compliance. With so many people using one of these passwords, a potential criminal has a better chance of breaking into your system. It could just be an employee’s account or a third party’s account, but any potential weak point is an issue. Using strong and unique passwords makes PCI compliance much easier.
So what is a strong password? A strong password should be at least 12 and preferably 16 or more characters long. Numbers and symbols (!, %, &, etc.) should be added, along with a mix of upper and lower case letters, to make a password harder to crack. A complex 16 character password would take someone more than one lifetime to crack; in fact, your child would probably be dead long before the password could be cracked. That is a secure password! Throw in other options like Two Factor Authentication and your systems will be much more secure, meaning you can sleep better at night.
Don’t want to try to think of a password for yourself? Use a password generator. And don’t forget that a password manager can be used to store all of these passwords so you don’t have to remember them. Don’t try to memorize them; it won’t work.
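The rules above can be enforced in code. The following is an added example, not part of the original article: a checker for the length and character-mix rules plus a generator built on Python's `secrets` module. The names `check_password` and `generate_password` are hypothetical, the blocklist holds only the passwords named in this article, and matching it case-insensitively is an assumption.

```python
import secrets
import string

# Passwords named in this article (from SplashData's 2018 list). A real
# deployment would load a much larger breached-password list instead.
WORST_2018 = {
    "123456", "123456789", "111111", "password", "iloveyou", "qwerty",
    "sunshine", "princess", "admin", "welcome", "abc123", "football",
    "monkey", "charlie", "donald",
}

# One predicate per character class the article asks for.
CLASS_CHECKS = (
    ("lower-case letter", str.islower),
    ("upper-case letter", str.isupper),
    ("number", str.isdigit),
    ("symbol", lambda c: not c.isalnum()),
)


def check_password(pw, min_len=12):
    """Return a list of policy problems; an empty list means the password passes."""
    problems = []
    if pw.lower() in WORST_2018:  # "Sunshine" is no better than "sunshine"
        problems.append("on the worst-passwords list")
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    for name, is_member in CLASS_CHECKS:
        if not any(is_member(c) for c in pw):
            problems.append(f"no {name}")
    return problems


def generate_password(length=16):
    """Generate a random password that satisfies check_password."""
    if length < 12:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable here.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry the rare draw that misses a character class.
        if not check_password(pw, min_len=length):
            return pw


if __name__ == "__main__":
    for candidate in ("123456", "Sunshine", generate_password()):
        print(repr(candidate), check_password(candidate) or "OK")
```

Generated passwords belong in a password manager, as the article recommends, rather than in memory or a text file.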