ITP Techblog

Brought to you by IT Professionals NZ
« Back to Home

Password apathy is costing Kiwis millions

Techblog Staff. 07 April 2021, 11:57 am

A simple change to password behaviour could save New Zealanders millions of dollars says CERT NZ, the government agency which supports organisations and individuals affected by cyber security incidents.

In 2020, Kiwis lost almost $17 million1 through cyber attacks. In some cases this financial loss was due to poor password practice, like weak passwords or reusing passwords across multiple accounts.

A well known password manager service 2 cited '123456', 'picture1', 'password' and '12345678' as some of the most commonly used passwords in 2020.

"Attackers use software that automatically tries the most common passwords against accounts, and using these sorts of passwords makes it easy for the attackers to find their way in", says CERT NZ Director, Rob Pope.

According to research conducted by CERT NZ and Consumer Protection, only 41% of Kiwis3 say they always make sure their passwords are distinct, long, and complex when signing up to new websites or online services.

Therefore, CERT NZ is running an education campaign this month to help New Zealanders improve their password practice with passphrases:

It's important that passwords for online accounts are long, strong and unique. That means they need to be more than 15 characters and each account has a different password. It can be difficult coming up with good passwords every time, but there are proven methods that make this easier.

"Using a passphrase, a mix of four or more random words, is one way you can use a long, strong password that's easy to remember, but difficult for an attacker to crack.

"For instance, look around you and come up with four random things - like 'bananamousebookwindow'. This would take password cracking software approximately three billion years to guess, but is much easier to remember than the usual complex passwords which are a mix of symbols, numbers, letters."

Password apathy is a concern according to research undertaken by CERT NZ. In 2020, after experiencing a cyber security incident only 31% of Kiwis changed their password on an important online account, like online banking or email.

"If someone has been able to log into your accounts without your authorisation, you should change your password straight away, and your passwords should be like snowflakes - unique," says Mr Pope.

One of the biggest threats to your online data security is using the same password across a number of accounts. This means if an attacker gets access to one of your accounts, they've got access to them all.

"It's easy to think that you don't have anything online that anyone else would want, and no-one's going to go to the effort of figuring out your passwords.

"Most cyber security attacks are opportunistic rather than targeted. Attackers look for easy ways to gather personal information online, like through weak passwords, to use your details to create fake accounts in your name and then steal from others. 

CERT NZ recommends using a password manager to securely store unique passwords for each of our accounts.

"People have so many accounts nowadays, so it can be hard remembering passwords to all of them. That's where a password manager comes in. It's like putting your passwords in a safe that only you have the key to."

More information about improving your password hygiene and understanding password managers is available on CERT NZ's website:  


You must be logged in in order to post comments. Log In

David Lane 09 April 2021, 3:24 pm

Using a password manager is basic digital hygiene, and the value of improving our practices as a society could save us all a huge amount of anxiety and $. Seems it's time that our gov't recognised that software is infrastructure, too, like roads, schools, and a public health service (which we fund due to the value to society, the "Common Good"). It's time for gov't to fund the development and provision of open source services like this for the people of NZ rather than forcing them to choose ad hoc solutions (usually uninformed decisions that are expensive and hand power/control to corporations outside the NZ jurisdiction). An open source password manager like BitWarden could be offered at scale for all NZers gratis for far less than the current cost to our economy of the impact of poor password practices that are epidemic among NZers.

Web Development by The Logic Studio