Dr. Junade Ali, Computer Scientist & Security Expert speaks to Clayton M. Coke of Podcast Radio Business to discuss why Your Password Isn't Strong Enough!

We are all guilty of using our favourite holiday destination, a pet’s name or our birth year for a memorable password across multiple sites.

But this World Password Day (Thursday 2nd May 2024), a Cyber Security Expert is warning that the importance of strong passwords on our devices and online accounts is more important than ever as hackers are targeting multiple accounts of victims due to weak and predictable passwords.

65% of people in the UK admit they are scared about being hacked in the future, with 84% thinking hackers are becoming more inventive. Yet only a fifth of people (20%) are able to correctly identify a secure password over a compromised one which can be cracked by a computer in less than a second, and 20% admit to having just one password for multiple websites and devices.

New research by the Institution of Engineering and Technology (IET) shows we are extremely predictable from a scammer’s perspective, with almost half using a significant date (21%) or a pet’s name (20%) as the topic of our passwords.

When we do stray away from the predictable, we aren’t putting much thought into it either, with 38% believing replacing letters with numbers e.g.p4$$w0rd is more secure when thinking about a password, with 45% believing it makes them harder to guess.

65% of people think passwords should never be written down, despite advice from cybersecurity experts, and 77% think changing passwords frequently makes them more secure, despite GCHQ recommending against this practice.

p4$$w0rd is in dictionaries of common passwords, so it can be cracked in less than a second. If you use the same password for every website and the password is breached from one site, all sites can be compromised without the attacker needing to try any other passwords - this is known as credential stuffing.

Cyber Security Expert and Computer Scientist Junade Ali is urging us to take action now with these simple tips to boost our security and keep hackers away:

• Use randomly generated, long, unique passwords for each website.
• Enable Two-Factor Authentication where possible.
• Use a password manager to store your passwords for you and tell you when they have been in a data breach.

In fact, even those who haven’t been impacted are being targeted regularly, with a fifth (21%) of people receiving a scam email every day, 73% thinking hackers are becoming harder to detect and 41% admitting they wouldn’t know what to do if they’d been hacked.

Junade Ali wants to raise awareness of our common password pitfalls and provide some useful insight to bolster our defences against cyber threats.

ABOUT JUNADE ALI:

Dr Junade Ali (27) was named the youngest-ever Fellow of the IET in June 2023, and is believed to be the youngest ever Fellow of a professional engineering institution.

In order to secure Fellowship, Dr Ali demonstrated personal responsibility for significant technological innovation and independent contributions to original research that have resulted in international recognition.

During his career, he invented the technology which allows websites, password managers and web browsers to warn users when their password has been found in a data breach, without the password ever needing to be shared with a third party. This technology has been adopted by companies including Apple and Google.

Other contributions have included developing software to help de-escalate cyberwarfare situations (including in relation to North Korea) and conducting research into topics including burnout, wrongdoing and whistleblower retaliation in software engineering.

BACKGROUND INFORMATION:

The research for the IET was carried out online by Opinion Matters throughout 18/04/2024 to 22/04/2024 amongst a panel resulting in 2,000 National Representative UK (aged 16+)responding. All research conducted adheres to the MRS Codes of Conduct (2010) in the UK and ICC/ESOMAR World Research Guidelines.

Opinion Matters is registered with the Information Commissioner's Office and is fully compliant with the Data Protection Act (1998).