Telstra shares Password Hall of Shame. 46% of Aussies are still using easy-to-guess passwords

    Telstra recently conducted research with YouGov that found that 46% are using an easy-to-guess password that contains either their favourite sporting team, pet’s name or their birthday.

    In 2023, that simply isn’t good enough: passwords need to be long, complex and backed up (or replaced) by multi-factor authentication.

    Of those people, 20% have used their pet’s name – if that’s you, maybe don’t go around blasting your pet’s name on its harness and definitely consider updating it.

    A further 17% admitted to using their birthdate as – or in – their password, and another 9% said they have used their favourite sports team. You need to imagine things from an attacker’s perspective. A motivated actor will leverage any publicly available data in an attempt to discover your password and breach your account.

    Far too often we hear about a friend or family member being ‘Facebook hacked’ when in reality there was no hack: the user did not use a password complex enough to make the number of possible combinations large enough to protect the account. Generally, 14 characters is now the standard for password length, and while it’s difficult to remember all the passwords we have, there are techniques and systems to help.

    If we have learned anything from the major cybersecurity events of Optus, Latitude and Medibank, we should understand the value of protecting our data on these platforms.

    According to the latest ScamWatch data, Aussies have already lost $194 million this year (January to April 2023) to scams and hacking. Checking the strength of your passwords and employing simple tactics to keep those passwords private is one simple way you can help protect yourself online.

    Your password is the first line of defence when it comes to your online safety so don’t make it easy for scammers to make you a target. Criminals are relentless and will exploit Australians’ tendency to use the same password across multiple accounts. All it takes is one breach and multiple accounts can be compromised.

    Contrary to popular belief, your best bet is to use a unique and easy-to-remember passphrase including a few capitals or special characters.

    Telstra’s Cyber Security Expert Darren Pauli says:

    Is your password “P@$$w0rd”?

    As well as password re-use across different services (terrible idea), almost half (46%) of Aussies admit to having used easy-to-guess passwords for their devices and online services/platforms.

    These include:

    • One in five (20%) using their pet’s name
    • More than one in ten (13%) use “generic” passwords like “password”, “123abc”, “123456” or “987654” (Men are also twice as likely as women to use this type of password, 19% compared to 8%)
    • One in ten (9%) have used their favourite sporting team (most popular amongst Millennials at 16%)
    • A further 17% have used their own birthdate

    Sharing is not caring

    Aussies are also the sharing type when it comes to password security; almost two in five (37%) Aussies admit to sharing some of the same passwords with members of their families, including almost one in five (18%) that do so across two or more accounts.

    Unclear or Cyber Complacent?

    Despite Gen Z and Millennials being more likely than their older counterparts to claim they understand how to securely set and manage passwords, they don’t follow through. 23% of Gen Z and 21% of Millennials admit to not doing so vs Gen X (13%) and Baby Boomers (8%).

    Here are our top tips for password security

    Use a password manager

    Huge lists published online containing millions of hacked usernames and passwords increase the chance that criminals will compromise accounts with reused passwords.

    These attacks occur at scale. Criminals can automatically cycle through thousands of compromised logins until an attempt is successful.

    This is where a password manager helps. These set and store highly-complex, random and unique passwords inside a secured service that is protected with the only password you need to remember. Set one password and forget the rest.

    There are many free and easy options available, but you may find it easiest to use the built-in managers you may already have.

    Apple’s iCloud keychain password manager is built into iPhones, iPads, Mac OS, and the Safari web browser. Google’s password manager is built into Android-based phones including Pixel and Samsung lines, tablets, and in the Chrome web browser.

    Web browsers Firefox and Edge also contain a built-in password manager, while separate free and paid apps exist that work across all mobile devices and computer operating systems.

    A good password is a sentence

    For decades we’ve all been taught to use passwords that are hard to remember and often easy for computers to break.

    Likewise, we’ve all become used to requirements to set passwords with an upper and lowercase letter and a special character which ends up with people setting predictable passwords such as P@ssw0rd1 or Summer2020!, and hackers know it.

    So make the last password you need to remember for your password manager one that is strong but easy to remember by using a passphrase that is unique to you.

    Write it as a normal sentence, complete with spaces, and throw a number and a few capital letters somewhere to make a highly original combination. Don’t use cliches like I hate Mondays or famous phrases as these could be guessed.

    Here are a few good examples, but please don’t copy these as your own!

    • Time for tea at 1:23 (rhyming may help you remember)
    • Somewhere, under TR (altered version of ‘somewhere over the rainbow’)
    • horsebatterystaplertelephone (random unrelated words that have personal meaning)

    Don’t want to use a password manager?

    Managers are in large part a convenient way to set, save, and secure your passwords, but they may not be for everyone.

    Those less comfortable with smartphones and apps may instead prefer to write down their passwords on paper. This is fine, provided a few steps are followed.

    Never let people you don’t trust see your written passwords. In practice this means never taking your passwords outside, including in a wallet, purse, or backpack. About 1.2 million Australians keep passwords in their purse or wallet.

    If keeping passwords only inside your house is too inconvenient, then consider a password manager.

    You should also avoid storing passwords in any online service that is not a password manager, like a digital notepad, as doing so comes with security risks.

    Telstra has developed a simple way to help protect yourself online:

    Be SUSS

    • Suspect unknown numbers
    • Update software
    • Strengthen passwords
    • Switch on multi-factor authentication.

    Services are increasingly enforcing strong passwords and MFA to help you protect your data online.
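
    How a service might screen for the Hall of Shame patterns above (generic passwords, pet or team names, birthdates, a season plus a year) at sign-up, as an added example that is not from Telstra or the original article. The word lists, `screen_password` and its parameters are assumptions made for illustration:

```python
import re
import string
from datetime import date

MIN_LENGTH = 14  # length the article cites as the current standard
# Constructed sample lists; a real service would load a large breached-password list.
GENERIC = {"password", "123abc", "123456", "987654"}
SEASONS = {"summer", "autumn", "winter", "spring"}
# Undo common character swaps so "P@$$w0rd" is compared as "password".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "!": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t"})


def normalise(text):
    """Lower-case the text and reverse the substitutions in LEET."""
    return text.lower().translate(LEET)


def birthdate_forms(born):
    """Digit strings people commonly derive from a date of birth."""
    return {born.strftime(f) for f in ("%d%m%Y", "%d%m%y", "%Y%m%d", "%Y")}


def screen_password(password, personal_tokens=(), born=None):
    """Return the reasons a candidate is easy to guess; an empty list means
    none of these checks fired, not that the password is proven strong."""
    reasons = []
    plain = normalise(password)
    # Drop the trailing digits/symbols that composition rules encourage.
    stem = normalise(password.rstrip(string.digits + string.punctuation))
    digits = re.sub(r"\D", "", password)

    if len(password) < MIN_LENGTH:
        reasons.append("shorter than 14 characters")
    if password.lower() in GENERIC or stem in GENERIC:
        reasons.append("generic password")
    if stem in SEASONS:
        reasons.append("season plus suffix")
    if any(len(t) >= 3 and normalise(t) in plain for t in personal_tokens):
        reasons.append("contains personal detail")
    if born and any(form in digits for form in birthdate_forms(born)):
        reasons.append("contains birthdate")
    return reasons
```

    Passwords such as P@ssw0rd1 and Summer2020! satisfy upper-case, digit and symbol rules yet are still flagged here, because the check looks at the underlying word rather than the character classes.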

    Jason Cartwright
    Creator of techAU, Jason has spent a dozen+ years covering technology in Australia and around the world. Bringing a background in multimedia and passion for technology to the job, Cartwright delivers detailed product reviews, event coverage and industry news on a daily basis. Disclaimer: Tesla Shareholder from 20/01/2021
