Password laziness puts millions of Australians and the companies they work for at risk of cybercrime, experts have warned, with an estimated two thirds of Australian businesses and large corporations vulnerable.

Cybersecurity expert Lawrence Patrick of Zirilio says the use of default passwords specifically poses significant risks.

“Using a default password may seem like an easy option for you to remember but the problem is cybercriminals know the default passwords too,” Mr Patrick said ahead of World Password Day on Thursday.

“There is a real problem with companies not taking enough steps to increase their cyber defences. Most computers, hardware and software, are set up to allow you to use them right away but the assumption is that you’re going to go back and customise the default password to make it secure.”

US tech giant Microsoft says the most commonly used password last year was “admin”, which is currently being used by more than 20 million people across the globe.

Other popular combinations include “123456” and the word “password”, according to research by password management company NordPass.

Former Security and Compliance Advisor at software company Salesforce, Jay Hira, said common words and personal information should be avoided when creating a password.

Advertisement
Advertisement

“Use of personal information such as your date of birth, father’s middle name, mother’s maiden name etc, are all too common,” Mr Hira said.

“Password reuse after a period of time and using the same password across multiple platforms are other common mistakes that we’ve all made at some point.”

With more people working from home in recent years due to the COVID-19 pandemic, data theft and hacking is record levels according to latest data.

The Australian Cyber Security Centre recorded 67,500 cybercrime reports in 2021, this figure up nearly 13 per cent from the previous financial year.

Fraud, online shopping scams and online banking scams were the top reported cybercrime types and additionally, self-reported losses from cybercrime total more than $33 billion, according to the ACSC’s latest annual cyber threat report.

Sophisticated hackers often use sneaky tactics such as sending fake text messages containing suspicious links to unsuspecting users in order to gain elevated access to private information.

Advertisement
Advertisement

Last year, Microsoft found out of more than 280,000 cyber security breaches. About 98 per cent of attacks used a password with less than 10 characters.

In addition, only two per cent contained a special character and Proofpoint research found 42 per cent of working Australians use the same password across multiple accounts.

Victoria Police recognises cybercrime as “a key facilitator” of organised crime.

“(We) remain unwavering in (our) commitment to minimising the impact that cyber-dependent and technology-enabled crime have on the Victorian community,” a spokesman said.

“Cybercrime presents a complex and fast-moving threat, and is recognised nationally as a key facilitator of serious and organised crime.

‘There are many practical ways for Victorians to protect themselves online. The resources available on the Australian Cyber Security Centre’s website are a great place to start.”

Advertisement
Advertisement

Experts say long and complex passwords with a combination of numbers, letters and special characters are generally the strongest.

“You can do clever things like use a phrase from a poem, or a book or a song,” Mr Patrick said.

“If you want to make it even stronger, you could create an abbreviation that doesn’t mean anything to anyone but makes sense to you.”

He also recommended using the website Have I Been Pwned, which tracks password breaches.

The rise of Facial recognition software means remembering seemingly endless passwords could soon be a thing of the past.

“You’ve probably noticed technology companies are pushing really hard to … get us to use facial recognition,” Mr Patrick said.

Advertisement
Advertisement

“Soon everything will be biometric. It will just be a face scan or a retina scan or a fingerprint tied to your identity and that’s how you will log in and authenticate yourself.”

AAP