Sophos, a network and computer security company, found cyber-attackers used that password in 1,376 login attempts in a span of 30 days in a Mumbai cloud server honeypot test. Sophos's report said the same password was used 15,785 times in login attempts globally. The other vulnerable passwords in the Mumbai cloudserver included: '1234', 'Admin', 'Ubnt', and '12345'.
The honeypots were setup in 10 of the most popular Amazon Web Services (AWS) data centers in the world, including California, Frankfurt, Ireland, London, Mumbai, Ohio, Paris, Sao Paulo, Singapore, and Sydney over a 30-day period.
A honeypot is a system intended to mimic likely targets of cyberattackers, so that security researchers can monitor cybercriminal behaviors.
Sunil Sharma, managing director sales, Sophos India & SAARC, said that passwords were an important aspect of computer security. "Building strong, unique passwords and using a password manager to keep track of them is a best security practice everyone should use in this digital age,” he added.
Enable multi-factor authentication (MFA): Enable multi-factor authentication wherever possible. This adds an additional layer of protection against someone trying to access personal accounts.
Use complex passcodes for devices: It’s not just passwords for email addresses and social media accounts that need to be secure. Ensure that the login for laptops and mobile phones also have complex passcodes.
Use a password manager: To give passwords the best possible chance of not appearing on Pwned Passwords, use a properly secured password manager that will create and store secure passwords.
Learn how to choose proper passwords: Most people end up with dozens of online accounts and have to create passwords all the time. Even with a password manager, create one really excellent password is needed to lock the central ‘password vault.’
Use unique passwords for online banking: Sensitive accounts need special passwords. This includes banking and other accounts where financial data is accessed and stored.