Latest news with #NeringaMacijauskaite
Yahoo
09-05-2025
Cybersecurity Expert Warns of 'Widespread Epidemic' of Bad Passwords
Cybersecurity experts are sounding the alarm on what has been referred to as a "widespread epidemic" of weak passwords that could leave users' data, accounts, and personal information at risk.

Cybernews recently conducted a study looking into more than 19 billion newly exposed passwords after several high-profile breaches in the past year. The outlet's research team wanted to examine the 2025 password creation trends. What they uncovered in the data was quite alarming, to say the least.

The research found that 94 percent of passwords are reused, leaving Internet users vulnerable if even one of their passwords is exposed. Additionally, almost a third of the passwords analyzed consisted of only lowercase letters and digits, making them easier to guess, and default and lazy passwords like 'password', 'admin', and '123456' are still a common pattern.

"We're facing a widespread epidemic of weak password reuse. Only 6% of passwords are unique, leaving other users highly vulnerable to dictionary attacks. For most, security hangs by the thread of two-factor authentication—if it's even enabled," warned Neringa Macijauskaite, an information security researcher at Cybernews.

In response to these concerning findings, the Cybernews research team shared a few recommendations:

- Use password managers. They create and store unique, strong passwords for every service, reducing the temptation to reuse passwords across different platforms.
- Never reuse passwords. Make sure your password is at least 12 characters long and includes uppercase and lowercase letters, numbers, and at least one special symbol. Skip any words, names, sequences, or other recognizable strings.
- Enable multi-factor authentication (MFA) wherever possible. MFA provides an extra layer of security, reducing the risk of unauthorized access even if passwords are compromised.
- Organizations should enforce password policies that require passwords to be at least 12 characters long, ideally 16, incorporating a mix of uppercase and lowercase letters, numbers, and special characters. Complexity beats length.
- Organizations should ensure that adequate data hashing algorithms and configurations are implemented while continuously reviewing existing security standards revolving around data transit and storage.
- Review access controls regularly and perform regular security audits. This leads to a better security posture of a company and lowers the risk of its users' personal data being leaked.
- Monitor and react to credential leaks. Organizations should adopt tools and platforms that can detect leaked credentials in real time, allowing them to instantly block access or require resets for affected accounts.

With hackers and cybercriminals getting more and more sophisticated every day, it's important to keep your data and accounts secure.


The Independent
07-05-2025
Over 19 billion passwords have been leaked in security 'crisis' – here's how to check if yours is vulnerable
Over 19 billion passwords were leaked in the last year alone amid what experts are calling a cybersecurity 'crisis.' But there are ways to protect yourself.

A new study by Cybernews examined more than 200 data breaches between April 2024 and 2025, and found that of the 19,030,305,929 newly exposed passwords, 94 percent of them were reused or duplicated – in some cases by different users entirely.

'We're facing a widespread epidemic of weak password reuse,' noted Neringa Macijauskaite, information security researcher at Cybernews. 'Only 6 percent of passwords are unique, leaving other users highly vulnerable to dictionary attacks. For most, security hangs by the thread of two-factor authentication – if it's even enabled.'

Experts called for an acceleration of tighter security methods, highlighting that cybercriminals only require an exposed password to then access email addresses and other personal data. The leaks examined by researchers were 'loaded with information that could be used to steal accounts or impersonate affected people in identity theft attacks,' the study noted.

The study found that millions still favor basic passwords that are easy to remember – and easy for hackers to guess. 'Password' is used by 56 million people, and 53 million use 'admin.' Researchers also found that '1234', which is easy for hackers to guess, is in almost 4 percent of all passwords.

People's names were the second most popular choice for a password. 'Many users choose a name as part of their password. We cross-referenced the dataset with the 100 most popular names of 2025 and found that there's a whopping 8 percent chance for them to be included as part of a password,' Macijauskaite said.

Others opted for positive words such as 'love,' which was in 87 million passwords analyzed, and 'sun,' used in 34 million. Swear words are also common in passwords, the research revealed.

'Passwords built from profane or offensive words might seem rare, but they're actually very common in practice,' Macijauskaite said. 'Passwords containing profanity often originate from attempts at personalization or memorability. However, such terms are prevalent in attacker wordlists and pose a substantial risk to account security.'

- Use password managers to create and store unique passwords for different accounts.
- Never reuse passwords. Make sure your password is at least 12 characters long and includes uppercase and lowercase letters, numbers, and at least one special symbol.
- Enable multi-factor authentication when possible, which reduces the risk even if passwords are leaked or hacked.
- Review access controls regularly, and perform regular security audits.
- Monitor and react to credential leaks.