Practise good cyber hygiene habits to thwart hackers, scammers and other malicious parties

In 2013, World Password Day was introduced by Intel to raise awareness on the role strong passwords play in safeguarding our digital lives.

The event, which falls on every first Thursday in May, invites users to evaluate their own security measures and take the necessary steps to protect their accounts.

Simply using lengthier passwords consisting of unique characters is no longer sufficient today as users are advised to turn on multi-factor authentication for better protection.

Experts also urge users not to recycle passwords as they may have been inadvertently exposed in data breaches, and to utilise other security measures such as biometrics authentication using fingerprints or facial recognition wherever possible.

Here are some recent cybersecurity incidents involving bad password habits to convince you to make the change.

As easy as 123

First reported in 2020, the SolarWinds hack has been described as one of the most devastating security breaches in US history.

According to a Reuters report, hackers breached SolarWinds’ software and could have gained access to an estimated 18,000 companies and multiple US government agencies that used its products. These included emails at the US Treasury, Justice and Commerce departments, among others. A subsequent investigative report published by the company claimed that fewer than 100 customers were actually affected by the hack.

Investigations into the cause of the hack led to the initial discovery that SolarWinds had suffered a lapse in password security back in 2019, when an intern allegedly posted the password “solarwinds123” onto their private Github account.

The researcher who found the leaked password, Vinoth Kumar, told CNN that the password had been accessible online since 2018 and that by using the password, he was able to log in and deposit files onto the company’s server.

He warned that any hacker could upload malicious programs to SolarWinds using the tactic.

SolarWinds CEO Sudhakar Ramakrishna later admitted that the password had been in use from as far back as 2017 and that he had taken measures to fix the issue.