I don’t mean to date myself (a lonely pursuit anyway), but I can remember having passwords in the 90s that were quaint by modern standards—in addition to being woefully inadequate to protect against today’s cybersleuths.
Below is the greatest hit list of the most commonly hacked passwords going back to the dawn of the internet. And mind you, a lot of these passwords weren’t just used for those early eBay purchases, but for much more serious banking and brokerage accounts where money could be drained very quickly.
5. Last name + 3-digit birthday
4. First child name (+ their birthday if you were feeling extra clever)
3. “qwerty”
2. “123456”
1. “password”
Using 1-3 is kind of inexcusable. 4-5 are little more understandable. Many of us though did use slightly more clever passwords that were easy enough to remember while ostensibly being so personal that nobody (we hoped) could figure it out on their own. Yeah, we could and should have always used “7sdf8dxz0sjh-3”, but who was going to remember that?
Many of us are now a little nostalgic for those easy-to-remember-but-totally-hackable passwords, and you may have a few that slipped through your own password manager despite all the nagging messages.
There’s some law out there that probably states that if you could do something (or are already doing something), it’s safe to say that millions of other people are very much doing that same thing—we’ll call it Khan’s Law for our purposes. So, I think we can agree that there are many other people, nostalgic for their 90s-era email account passwords, who are having (or already had) their emails hacked.
If you’re in an industry where there are many parties involved with important transactions, it’s safe to say (via Khan’s Law) that there’s someone in the mix who is very likely to have used a nostalgia-based password to access their email account. This, of course, exposes you (if you are sending email to them) and your company to cybercriminals and their modern social engineering attacks including wire fraud and mistakenly paying invoices to the wrong person.
Here’s where RMail’s Email Eavesdropping™ alerts come in. They not only protect your organization from falling prey to social engineering attacks, but they also spot security breaches beyond your email borders, at the recipient. This is relevant to those scenarios where an email impostor cuts you out of the communication, copying your email to the recipient at the recipient with replies set to come back to the cybercriminal, resulting in your recipient miswiring funds meant for you but instead are sent to a cybercriminal. (Who likes to be cut out of the (email) conversation? Certainly not you if you are trying to wrap up a deal!).
Learn more on Eavesdropping Attacks
Best of all, RMail’s Email Eavesdropping™ alerts work seamlessly within any existing email security or email system. Even if you have an inbound email security gateway, you can add RMail, as this protects you on the outbound—and even beyond your email borders, at the recipient and beyond.
Finally, here’s another way to safeguard your email passwords: Change your name to 7sdf8dxz0sjh-3 and just use your name as your password 😊. As always, feel free to contact us to discuss how RMail and its Email Eavesdropping™ alerts will give you peace-of-mind.
October 01, 2024
September 24, 2024
September 17, 2024
September 10, 2024
September 03, 2024