An alarming number of people still use login credentials that are extremely easy to hack, such as “password” and “123456”, putting them at serious risk of identity theft, an Australian security expert warns following new research this week.
Andrew Clouston, founder and CEO of personal profile manager app MOGOplus (www.mogoplus.com), said the difficulty of remembering complex passwords across multiple sites meant too many consumers were using the same basic credentials across all of their accounts.
This is highlighted by new research from online security firm SplashData, which this week revealed its annual list of most common passwords. The top 10 passwords were: 123456, password, 12345678, qwerty, abc123, 123456789, 111111, 1234567, iloveyou and adobe123 (source).
These findings are similar to previous research by computer security consultant Mark Burnett, who analysed 6,000,000 unique username/password combinations that have been leaked onto the internet following hacking attempts (source).
“If you’re not using unique, strong passwords for each website you log into you’re just asking to be defrauded,” Clouston said. “Strong passwords are at least 12 characters in length and contain a mix of letters, numbers and symbols preferably in both upper and lower case.”
Clouston said one of the biggest trends of the recent Consumer Electronics Show in Las Vegas in January was the effort to kill the password. Innovations on display included:
- Fujitsu PulseWallet, which identifies you by scanning the unique pattern of veins on your hand (source).
- Bionym, which lets you use your heartbeat as a password (source).
- EyeLock iris scanning software, which recognises users by their eyes (source).
“The heartbeat, vein and eye scanner tech from CES coupled with what we’re already seeing with the iPhone fingerprint sensor shows that the humble password’s days are numbered,” said Clouston.
An industry working group dubbed FIDO, which includes representatives from Google, PayPal, Microsoft and MasterCard among others, is working to develop new standards for authentication that do not use traditional passwords. (source)
MOGOplus is a free app that stores your login credentials – from bank accounts to utilities to social networks – enabling single-click, secure access from your smartphone or tablet. It allows you to check your balances and conduct transactions across multiple accounts from one screen.
“With MOGOplus you only have to remember your MOGO username and password and the app will take care of the rest, giving users freedom to set highly complex passwords across their online accounts,” said Clouston.
“Most importantly we let you store these passwords in a highly encrypted digital safe that’s with you all the time on your device.”
MOGOplus, protected by bank-grade security, supports all major banks, telcos, loyalty programs, web gambling services, social media sites and online share trading platforms used by Australians. Once you log off MOGO you are logged out of all your accounts.
Poor password security is as old as passwords themselves and not even the US military is immune – it has recently been revealed that for 20 years during the Cold War the launch code for US nuclear missiles was 00000000.
“When setting passwords don’t ever use your name, date of birth, home address or any of those things that are easily attributable to you personally,” said Clouston.
MOGOplus is much more than a simple app to store your passwords. It uses unique and patented technologies to allow users to log in to high-security sites directly through the app.
MOGO’s servers don’t ever access a bank account or any account for that matter as the entire process is conducted on the user’s device. MOGO simply provides people with extremely smart tools to allow them to access their accounts in a much smarter, more convenient and secure way.
MOGOplus is the only app that provides a single view screen for all your accounts and balances without any of the data ever leaving your device.