What were the worst passwords of 2016?

We know, we harp on a bit about IT Security.

In fact, we’re probably starting to sound a little like your mother, when she would constantly harp on about you cleaning your room.

Whether you’ve now gotten on top of that and have a relatively clean room, or conversely the lack of nagging has let you take filthiness to a new level and we might find a half-eaten two-month-old pizza box under your bed, we do hope you heed our advice in regards to IT Security.

Specifically, passwords.  A large part of keeping your online world secure is passwords. You don’t want someone going through your messages, accessing any questionable photos you may have on your phone, or judging your bank transaction history.

But with so many online accounts come so many passwords. Some are fine – set once and that’s it. Some will prompt you to change at set periods (and they may not all align).

For example, the security-conscious folk at Griffith regularly make us change our passwords to ensure our account is safe from hackers. And we totally appreciate the automated prompt to stay on top of our online security. But let’s be honest, it’s hard having to think of a password that is different from your previous 13, has at least six characters, a mixture of letters and numbers… shall we go on? So inevitably, you may choose a password that is too simple, weak or just plain obvious.

So SplashData made a naughty list: the 25 worst passwords for 2016. The list is based on more than 5 million passwords that were leaked last year and posted for sale online.

Now, listen to your mum (us) and make sure your password isn’t on the list (and lol at the people who use hottie)!

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. football
  6. qwerty
  7. 1234567890
  8. 1234567
  9. princess
  10. 1234
  11. login
  12. welcome
  13. solo
  14. abc123
  15. admin
  16. 121212
  17. flower
  18. passw0rd
  19. dragon
  20. sunshine
  21. master
  22. hottie
  23. loveme
  24. zaq1zaq1
  25. password1
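
As an added example (not part of the original post), here is the list used as a blocklist that also catches near-misses: a candidate is lower-cased, trailing digits and symbols are stripped, and common character swaps are undone before it is compared with the 25 entries. The swap table, the function names and the sample candidates are assumptions made for the illustration.

```python
import re

# The 25 entries from the list above, in rank order.
WORST_2016 = (
    "123456", "password", "12345", "12345678", "football", "qwerty",
    "1234567890", "1234567", "princess", "1234", "login", "welcome",
    "solo", "abc123", "admin", "121212", "flower", "passw0rd", "dragon",
    "sunshine", "master", "hottie", "loveme", "zaq1zaq1", "password1",
)

# Assumed look-alike swaps (0->o, 1->l, 3->e, ...); not from the article.
SWAPS = str.maketrans("013457@$!", "oleastasi")


def variants(pw):
    """Lower-cased forms of pw with trailing digits/symbols and swaps undone."""
    base = pw.lower()
    stripped = re.sub(r"[\d\W_]+$", "", base)
    forms = {f for f in (base, stripped) if f}
    return forms | {f.translate(SWAPS) for f in forms}


# Map every reduced form back to the highest-ranked entry that produces it.
LOOKUP = {}
for entry in WORST_2016:
    for form in variants(entry):
        LOOKUP.setdefault(form, entry)


def weak_match(pw):
    """Return the listed password that pw reduces to, or None."""
    if pw.lower() in WORST_2016:
        return pw.lower()
    hits = {LOOKUP[v] for v in variants(pw) if v in LOOKUP}
    return min(hits, key=WORST_2016.index) if hits else None


def meets_basic_rules(pw):
    """The two rules quoted earlier: six or more characters, letters and numbers."""
    return len(pw) >= 6 and bool(re.search(r"[A-Za-z]", pw)) and bool(re.search(r"\d", pw))


if __name__ == "__main__":
    # Constructed candidates: two satisfy the composition rules yet reduce to a listed entry.
    for candidate in ("Dragon2016", "P@ssw0rd!", "correct horse battery staple"):
        print(candidate, meets_basic_rules(candidate), weak_match(candidate))
```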

Read the full article in Network World, available via the ProQuest database.

Remember to stay on top of cybersecurity! For more information check out our cybersecurity webpage, and for tips on keeping your password secure go to Griffith University’s Passwords page.

Are you a cyber security warrior or sleepwalker?

It’s already October and it would be easy to ask where has the year gone?

But we’re pretty excited because this month, the world is celebrating National Cybersecurity Awareness Month.

We are hearing almost every day in the news about the latest breach or hack (not to mention the foreign prince who wants to marry me). So it’s time to brush up on some good practices around passwords, data protection and your online identity.

‘Too hard basket’ you say? Not now we’ve found the perfect place to start with some easy basics: Australia’s Stay Smart Online website.

Tips to protect yourself online
This isn’t just for your desktop, don’t forget you need to protect all your devices: laptop, mobile, tablet.


  • Use different, strong, hard-to-guess passphrases on all your devices.
  • Don’t arbitrarily mix letters, numbers and symbols to make a password. Instead, create passwords that are more memorable.
  • Don’t use your street address or numeric sequences such as 1234567.

Protect your stuff

  • Griffith students get free anti-virus software, so download or update it now!
  • Install adequate firewalls.
  • Set a password or pin; make sure they are different.
  • Install reputable anti theft/loss protection—your device’s retailer or service provider can provide recommendations.
  • Use your device’s automatic update feature to install new applications and operating system updates as soon as they are available.
  • When you get rid of a computer or device, make sure you have removed all your personal data and try to clean the hard drive.

Be cautious with emails

  • Be suspicious of emails from people you don’t know or that look unusual—it may be spam email with malicious software attached.
  • Don’t share your email address online unless you need to and consider setting up a separate email address just to use for online forms or shopping.
  • As much as possible, have separate email accounts for personal and business use.
  • Use a spam filter to catch dangerous messages before they get to your inbox.
  • Delete spam messages without opening them and never reply to them.
  • Do not open any attachments if the source of the message is unknown or suspicious—do not enable macros on documents from an untrustworthy sender.


  • Protect your wireless connection with a strong password.
  • Make sure remote management on your modem or router is disabled.
  • If you are using public wifi, make sure your computer has its firewall enabled, your software is up-to-date and you have a good anti-virus program installed.
  • Don’t use public wifi for sending sensitive emails, accessing your online banking or using your credit card while connected (and make sure your apps with this information are closed).

You can also visit Griffith University’s Cybersecurity website for more info and tips.

Protect your computer against viruses

As a uni student, your computer possibly contains 1353 words of your essay due next week (eeek!) and three gazillion gigabytes worth of photos from your entire life (well, this semester anyway).

With great love comes great responsibility. You need to take care of your computer so it doesn’t catch a virus.

According to PC Mag: ‘The effect of the virus may be a simple prank that pops up a message on screen out of the blue, or it may destroy programs and data right away or on a certain date. For example, the famous Michelangelo virus contaminated the machine on Michelangelo’s birthday’ (PC Mag Encyclopedia).

The sad face emoji isn’t sad enough to express how crummy it would be to lose all the data on your computer.

So, what can you do to protect against these viruses? Well, most importantly, ensure you have anti-virus software installed on your computer!

As a Griffith student, you can download Symantec Endpoint Protection through our Software Download Service for free. Yes, it’s free! So there’s no excuse not to do it.

Just follow our instructions to access the Software Download Service, select the Symantec Endpoint Protection folder and your operating system, and run the executable file.

If you want further protection, you could also download Norton 360 or Norton Internet Security. While these incur a fee, Griffith Students get 50% off, and we reckon that’s an alright saving! You can find out more about Norton Student Savings here.

Once you’ve gotten your anti-virus software sorted, there are a few more things you can do to protect against computer viruses, so check out our post on how to secure your virtual world, and keep yourself protected online.

Use WhatsApp? You better read this

Where would we be without modern technology?

Probably getting lost a lot more frequently (no Google Maps to save us), not nearly as connected socially, likely going outside more often, and we’d have a lower chance of developing arthritis in our hands from excessive texting.

Modern technology helps us stay connected and on top of things. But just as fast as technology is evolving, hackers and cyber security threats are evolving too.

Now, we don’t suggest you put on a tin-foil hat and revert to using an old Nokia block phone. But you do need to be mindful of information security threats.

WhatsApp is a useful app; it allows us to easily stay in contact with friends around the globe. You know what’s not so great though? When things go wrong and a phishing scam steals your bank details and personal information.

A new scam sent by an unofficial ‘The WhatsApp Team’ claiming ‘your subscription will be ending soon’ is currently in circulation.

The fake message warns that in order to continue to use the service, you need to update your payment information. The email includes a link for victims to sign in to a customer portal and update their details.

Warning: it’s a trap! If you follow this link, your personal and financial details can be exploited by cyber criminals.

So, if you receive this message – ignore and delete!

And stay safe: online, in bed, on the roads, in general.

Find more information at the Stay Smart Online page.

How to stay safe online

Having different passwords for different sites is one way to keep your personal and financial information safe online.

But there are so many sites that require you to log in with a password. How do you keep track of all of them? Well, one easy way to remember all your passwords is to create a master password.

The master password should be a combination of letters and numbers e.g. mpie2r (my password is easy to remember).

You then modify the master password for each site. So, your password for Pinterest might be mpie2rpin while your password for Tumblr might be mpie2rtum.
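
An added example, not part of the original post: when passwords are built as a master password plus a site tag, it is worth measuring how many characters of each one are actually specific to the site. The Python sketch below does that for a constructed vault containing the two passwords from the text; the function name, the five-character threshold and the third entry are assumptions.

```python
from difflib import SequenceMatcher
from itertools import combinations


def shared_stems(vault, min_len=5):
    """Find pairs of passwords that share a run of at least min_len characters.

    vault maps a site name to its password. Each finding is
    (site_a, site_b, shared_run, unique_chars_a, unique_chars_b).
    """
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        matcher = SequenceMatcher(None, pw_a, pw_b, autojunk=False)
        m = matcher.find_longest_match(0, len(pw_a), 0, len(pw_b))
        if m.size >= min_len:
            run = pw_a[m.a:m.a + m.size]
            findings.append((site_a, site_b, run, len(pw_a) - m.size, len(pw_b) - m.size))
    return findings


# Constructed vault: the two passwords from the text plus one unrelated random entry.
VAULT = {
    "pinterest": "mpie2rpin",
    "tumblr": "mpie2rtum",
    "bank": "T7#kq-Vw9zLp",
}

if __name__ == "__main__":
    for site_a, site_b, run, uniq_a, uniq_b in shared_stems(VAULT):
        print(f"{site_a} and {site_b} share '{run}'; "
              f"only {uniq_a} and {uniq_b} characters are site-specific")
```

Run against your own password list, any pair it reports differs by only the few characters shown, so those accounts are not really protected by different passwords.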

Having a strong password is another way to keep your information secure. You may choose an obvious password like ‘password’ or ‘123456’ because it’s easier to remember and you don’t think you’ll be hacked.

But it could happen. Spend a few extra minutes creating a secure password that will deter hackers. The safety of your personal and financial information is well worth the effort.

Another way to maintain your security online is to avoid opening spam and clicking on random links. Some spam is incredibly well disguised but chances are:

  • You haven’t won $1000000 in a lottery fund
  • That Nigerian prince who wants your bank details is not a prince
  • Your bank won’t request your password or account details online

– Extract from Study Smart –

Protect your digital life


When you lend your mobile device, did you know you’re also sharing your internet account, email and Facebook?

And do you really want to give your study buddy access to your Facebook account? They’ll just post cringe-worthy selfies from your camera roll or startling revelations about your embarrassing celebrity crush (which is obvs completely false).

Or even worse. They could use up all your internet data to watch cats being funny on YouTube. Which is fine, but only if you got to see the furry feline shenanigans as well.

How does this happen? Well, you’re connected to the Griffith Wi-Fi on your mobile device, right? You’ll notice that once you’ve signed in, you are never asked to sign in again.  You will be logged in and out of Internet access automatically as part of the Griffith Single Sign-on feature.

This means that when you share your mobile phone, tablet or laptop with your classmate, all their internet use will be billed and logged against you!

And don’t forget, you’re probably logged into all your social media and email accounts as well.

Which means they can not only post to your Facebook (as you), but also to Snapchat, Instagram and Twitter. And just for kicks, they could swipe right for all of Tinder.

Now, your friends and classmates are probably too responsible to be irresponsible with your digital life. They would never prank post on your social media, use all your internet data, or mess with your email.

But if they do. Just remember, we told you so.

Cyber security alert: bogus Griffith library emails

There has recently been a spate of fake library system notices sent to Griffith University staff and students which attempt to steal your username and password and potentially other personal information.

While there are a few variations of the email, most have the Subject: ‘Library Notifications’ and have a falsified From: address of ‘libraries@griffith.edu.au’.

The body of the email contains a claim that your library account access will expire soon due to ‘security precautions established to protect the University Libraries System’. It will tell you that you need to ‘renew your library account on a regular basis’ and to click on the given link.

Clicking on the link takes you to a malicious website, crafted to look exactly like Griffith’s Single Sign-On (SSO) Login page. This site is able to steal any usernames and passwords entered.

If you believe that you may have entered your login details on the fake login page, please change your Griffith password immediately.

Here are some tips on spotting bogus emails:

  • Does the address of the sender seem real? Quite often phishing emails have a real-looking name but the email address itself is a free email service rather than a Griffith address.
  • Is the email full of errors? While we all make the occasional spelling and grammatical errors, bogus emails tend to have a lot of errors in only a few sentences.
  • Does the email demand you click on a link and login to something immediately, otherwise you’ll lose access? They’re deliberately worded to make you curious or worried so you click on the link without thinking twice.
  • Is the email from a completely unexpected source? If you’ve not entered a lottery or competition, you cannot have won.
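
The first and third tips can be checked mechanically. The Python sketch below is an added example, not part of the original alert: it reads a plain-text message and reports a sender outside griffith.edu.au, a link that leaves that domain, and urgent wording alongside a link. Because the alert says the From: address is falsified, the link check is the one that catches the first sample. Both messages are constructed, the hosts are placeholders, and the urgent-word list is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED = "griffith.edu.au"  # the domain the alert says a real sender would use
URGENT = re.compile(r"expire|immediately|renew|lose access", re.I)  # assumed word list


def under(host, domain=TRUSTED):
    """True only if host is the domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def triage(raw):
    """Return the reasons a single-part plain-text message looks suspicious."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    reasons = []
    sender = parseaddr(msg.get("From", ""))[1]
    if not under(sender.rpartition("@")[2]):
        reasons.append("sender is not a Griffith address")
    hosts = [urlparse(u).hostname for u in re.findall(r"https?://[^\s<>\"']+", body)]
    outside = [h for h in hosts if not under(h)]
    if outside:
        reasons.append("link points outside griffith.edu.au: " + str(outside[0]))
    if hosts and URGENT.search(body):
        reasons.append("urgent wording alongside a link")
    return reasons


# Constructed samples; example.net and freemail.example are placeholder hosts.
SPOOFED = """\
From: University Libraries <libraries@griffith.edu.au>
Subject: Library Notifications

Your library account access will expire soon. Renew it here:
http://griffith.edu.au.example.net/sso/login
"""
FREEMAIL = """\
From: Griffith Library <library.notices@freemail.example>
Subject: Library Notifications

Please read the attached notice.
"""

if __name__ == "__main__":
    for sample in (SPOOFED, FREEMAIL):
        print(triage(sample))
```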

Please forward any suspicious emails to the Information Security team.