Cyber Security

Man who uses ‘Password123’ for everything claims he’s ‘not important enough to hack’

Martin Eccleston, 47, a logistics coordinator for a medium-sized packaging distributor in Slough, has spent the past eleven years using variations of ‘Password123’ across approximately forty-seven different accounts. He remains confident that no malicious actor would find him sufficiently interesting to target.

We sat down with Martin to discuss his approach to digital security.

Your employer recently mandated a cybersecurity training course. How did that go?

Well, I did the module. Took about twenty minutes if you click through at a decent pace. They’re very keen on having different passwords for everything, which I understand from a theoretical perspective, but I think they’re imagining scenarios that don’t really apply to someone at my level. I’m not the CEO. I don’t have access to anything genuinely sensitive.

What accounts do you manage with your current password system?

The usual things. Email, obviously. Online banking. The company procurement portal, though that’s ‘Chelsea2015’ because they made me change it in 2015 and I’d just watched the match. My Amazon account. The system we use for managing client shipping addresses and payment details. Netflix, but I think everyone shares that one anyway. The HR portal where I approved the last round of redundancies. Nothing that anyone would particularly want.

You mentioned your bank account uses ‘Password123’?

It did until about 2019, when they forced everyone to update their security. Now it’s ‘Password123!’. The exclamation mark was their idea, not mine. I thought it was a bit much, honestly, but apparently it satisfies the special character requirement. I use the same one for my savings account, my ISA, and my late mother’s estate account, which I’m the executor for. Keeps things simple.

Have you ever been hacked?

Not that I’m aware of. I did get a rather odd email last month saying someone had accessed my Tesco Clubcard account from Romania, but I think that was just a phishing attempt. I deleted it. The real question is why anyone would want to access my accounts in the first place. I’m a logistics coordinator in Slough. I’m not storing nuclear codes.

You mentioned the procurement portal earlier.

Yes, that’s for ordering stock and approving supplier payments. I can authorise transactions up to £50,000 without secondary approval, but again, it’s all very routine. Pallets, mostly. Sometimes industrial wrapping equipment. The system holds our supplier bank details and our own account information for about forty-seven regular vendors, but it’s not as though anyone’s specifically trying to get into the packaging industry’s financial infrastructure. We’re hardly cryptocurrency.

Your confidence in this approach seems quite firm.

Look, I’ve read the statistics about data breaches. I understand they happen. But these are enormous companies, aren’t they? British Airways, TalkTalk, that sort of thing. Millions of customers, valuable data. I think people overestimate how interesting they are to criminals. I certainly do. I had a ready meal from Sainsbury’s for dinner last night. I watched two episodes of a programme about canal boats. Nobody’s interested in my digital footprint.

The security training recommended using a password manager.

Yes, and then you have to remember the password for the password manager, don’t you? It seems rather circular. Besides, I’d need a password to access the password manager, and we’re back where we started. Much simpler to have one good password that you can rely on. ‘Password123’ has served me very well for over a decade. If it’s not broken, I don’t see the need to fix it.

Leave a comment

Your email address will not be published. Required fields are marked *