People are still using very simple passwords, with many of them similar to the ones they used in 2019
Choosing and using the right type of password is one of the biggest challenges for technology users. Creating and managing a strong and unique password for each account is impossible without some type of help. And using the same weak passwords across the board exposes you to greater risk of your accounts being compromised.
Passwords that lead to data breaches
Among the 200 most commonly used passwords this year, “123456” took first place, used by more than 2.5 million people and exposed more than 23 million times in data breaches, according to NordPass’s research. In second place was “123456789,” used by more than 961,000 people and exposed more than 7.8 million times in breaches.
Taking third place was “picture1,” a password new to the list of the 200 most common ones, and a bit more secure than the usual suspects. In the fourth spot was “password,” followed by “12345678” in fifth place. Rounding out the top 10 were “111111,” “123123,” “12345,” “1234567890,” and finally, “senha,” which is Portuguese for “password.”
Among the 10 most common passwords, eight of them would take a hacker less than a second to crack. “Senha” would take 10 seconds to crack. Only “picture1” would put up more of a fight, taking three hours before being cracked.
“Most of these passwords can be hacked in less than a second,” “Also, they have already been exposed in previous data breaches. For example, the most popular password ‘123456’ has been breached 23,597,311 times.”
Despite the risks, people continually use passwords that are easy to remember or the same from one account to another. More specifically, many people turn to familiar categories or topics to devise a password.
Other people create passwords based on such categories as entertainment (“pokemon,” “superman,” “batman”), sports (“football,” “soccer,” “baseball”), food (“chocolate,” “cookie,” “pepper”), and devices (“myspace1,” “computer,” “samsung”). Still others turn to positive words, names, and even swear words.
“Your weak password can be used for credential stuffing attacks, where the breached logins are used to gain unauthorized access to user accounts,” .”If you fall victim to a credential stuffing attack, you might lose your Facebook or another important account with all its content. Also, your email address could be used for phishing attacks or for scamming your family and friends, who may very well fall for it, as the email will supposedly be coming from you.”
Tips for managing passwords
Create a strong password. Never reuse passwords across multiple accounts. Create a unique one for each account and make them long. Don’t settle for anything shorter than 12 characters, even more if you can. Use a mix of upper- and lower-case letters, numbers, and symbols to significantly lower the risk of getting your passwords cracked. Also, make sure to change your passwords at least every 90 days. To create a complex, robust password, take advantage of a Password Generator.
- Avoid a weak password. Avoid using dictionary words, number combinations, or strings of adjacent keyboard combinations. For instance, “password,” “qwerty,” and “123456” are terrible passwords as they are too easy to crack. Also, refrain from repetitive characters, such as “aaaa” or “123abc.” Under no circumstances choose passwords based on personal details that might not be completely confidential, such as your phone number, birth date, or name.
- Try password salting. Add random characters to your password before you use it.
- Delete the accounts you no longer use and regularly check the ones you do for suspicious activity.
- Use two-factor authentication when possible.
- Use a password manager. Memorizing a number of random, complex passwords and having to manually type them every time is no picnic. Thankfully, you can make your life easier with a password manager. Such tools can generate unique, strong passwords, securely store them in an encrypted vault, and use the autofill feature to log in to your online accounts on the go.