Is your password P@ssw0rd? Then today is the day to change it.

You might think: I would NEVER use password as a password. But our experts, including Sudharshan Kumar and Eva Garcia Soto, still see a lot of this during cybersecurity assessments they perform.

These things stand out when it comes to password security:

🔑 Even weak passwords might pass corporate requirements: During pentests, our testers see a lot of passwords like "P@ssw0rd" or "Passw0rd" or "Password2023!". Most organizations have a password policy: a password needs 8 characters, with uppercase and lowercase letters, numbers and special characters. That means the passwords above satisfy the password policy despite being easy to guess…

🔑 The Dutch love voetbal: Interestingly, our testers saw that in the Netherlands the word ‘voetbal’ is used as the basis for many passwords. For instance: "Voetbal2023!" or "Voetbal23". These also check all the boxes of a strong password, but if everyone uses the same word, that somewhat undermines its security.

🔑 Autumn2023 is still going strong: In phishing simulations, passwords like "spring23" or "angela05" pop up quite often, indicating that the trend of incorporating seasons and personal names refuses to die.

🔑 People often pick easy associations: Another startling find was passwords mirroring the name of the service, like "udc_password" for a service named UDC.
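The gap between passing a composition policy and being hard to guess, as an added example that is not part of the original post: the sketch below checks the policy described above and then looks for the patterns from these findings. The word list, the leetspeak map, the function names and the `context_words` parameter (service name, the user's own name) are assumptions for illustration.

```python
import re

# Assumed, deliberately tiny word list; a real check would use a much larger
# banned-word or breached-password list.
BASE_WORDS = ("password", "voetbal", "spring", "summer", "autumn", "winter")
# Assumed leetspeak substitutions, undone before matching.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})

def meets_composition_policy(pw):
    """Policy from the text: 8 characters, upper, lower, number, special."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"\d", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

def predictable_reason(pw, context_words=()):
    """Return why pw is easy to guess, or None if no known pattern matches."""
    lowered = pw.lower()
    # Service names or personal names known for this account.
    for word in context_words:
        if word.lower() in lowered:
            return f"contains context word '{word}'"
    # Drop a trailing year/number/symbol suffix ("2023!", "23"), undo leetspeak.
    core = re.sub(r"[\d\W_]+$", "", lowered).translate(LEET)
    for word in BASE_WORDS:
        if word in core:
            return f"built on common word '{word}'"
    return None

def audit(passwords, context_words=()):
    """Return (password, passes_policy, reason) for each candidate."""
    return [(pw, meets_composition_policy(pw), predictable_reason(pw, context_words))
            for pw in passwords]

if __name__ == "__main__":
    # Samples quoted in the text plus one constructed random password.
    samples = ["P@ssw0rd", "Password2023!", "Voetbal2023!", "spring23",
               "angela05", "udc_password", "tR7#mVq9!xLp2"]
    for pw, ok, reason in audit(samples, context_words=["UDC", "Angela"]):
        print(f"{pw:15} policy={'pass' if ok else 'fail'}  {reason or 'no known pattern'}")
```

Running a check like this when a password is set lets the policy reject a guessable choice even though it contains every required character class.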

🌐 What does this mean for you? Changing your password is more than a compliance tick-box. It’s about creating a barrier that really secures your digital identity. This ‘Change Your Password Day’ is a perfect opportunity to strengthen your first line of defense.

Our Advice:

  1. Avoid predictable patterns.
  2. Mix in unrelated words and numbers.
  3. Use a password manager for complex passwords.
  4. Regularly update your passwords.

Let’s not make a hacker’s job easy. Your security is our priority. Happy password changing!