Passwords that lead to data breaches

People are still using very simple passwords, with many of them similar to the ones they used in 2019

Easy Password concept. My password 123456 written on a paper.

Choosing and using the right type of password is one of the biggest challenges for technology users. Creating and managing a strong and unique password for each account is impossible without some type of help. And using the same weak passwords across the board exposes you to greater risk of your accounts being compromised.

Passwords that lead to data breaches

Among the 200 most commonly used passwords this year, “123456” took first place, used by more than 2.5 million people and exposed more than 23 million times in data breaches, according to NordPass’s research. In second place was “123456789,” used by more than 961,000 people and exposed more than 7.8 million times in breaches.

Taking third place was “picture1,” a password new to the list of the 200 most common ones, and a bit more secure than the usual suspects. In the fourth spot was “password,” followed by “12345678” in fifth place. Rounding out the top 10 were “111111,” “123123,” “12345,” “1234567890,” and finally, “senha,” which is Portuguese for “password.”

Among the 10 most common passwords, eight of them would take a hacker less than a second to crack. “Senha” would take 10 seconds to crack. Only “picture1” would put up more of a fight, taking three hours before being cracked.

“Most of these passwords can be hacked in less than a second,””Also, they have already been exposed in previous data breaches. For example, the most popular password ‘123456’ has been breached 23,597,311 times.”


Despite the risks, people continually use passwords that are easy to remember or the same from one account to another. More specifically, many people turn to familiar categories or topics to devise a password.

Other people create passwords based on such categories as entertainment (“pokemon,” “superman,” “batman”), sports (“football,” “soccer,” “baseball”), food (“chocolate,” “cookie,” “pepper”), and devices (“myspace1,” “computer,” “samsung”). Still others turn to positive words, names, and even swear words.

“Your weak password can be used for credential stuffing attacks, where the breached logins are used to gain unauthorized access to user accounts,” . “If you fall victim to a credential stuffing attack, you might lose your Facebook or another important account with all its content. Also, your email address could be used for phishing attacks or for scamming your family and friends, who may very well fall for it, as the email will supposedly be coming from you.”

Tips for managing passwords

  • Create a strong password. Never reuse passwords across multiple accounts. Create a unique one for each account and make them long. Don’t settle for anything shorter than 12 characters, even more if you can. Use a mix of upper- and lower-case letters, numbers, and symbols to significantly lower the risk of getting your passwords cracked. Also, make sure to change your passwords at least every 90 days. To create a complex, robust password, take advantage of a Password Generator.
  • Avoid a weak password. Avoid using dictionary words, number combinations, or strings of adjacent keyboard combinations. For instance, “password,” “qwerty,” and “123456” are terrible passwords as they are too easy to crack. Also, refrain from repetitive characters, such as “aaaa” or “123abc.” Under no circumstances choose passwords based on personal details that might not be completely confidential, such as your phone number, birth date, or name.
  • Try password salting. Add random characters to your password before you use it.
  • Delete the accounts you no longer use and regularly check the ones you do for suspicious activity.
  • Use two-factor authentication when possible.
  • Use a password manager. Memorizing a number of random, complex passwords and having to manually type them every time is no picnic. Thankfully, you can make your life easier with a password manager. Such tools can generate unique, strong passwords, securely store them in an encrypted vault, and use the autofill feature to log in to your online accounts on the go.

Password Managers and how they work for you

Intelligent programs that generate secure passwords and store data in a secure digital vault are used in many private homes and companies. The software has an intelligent and secure algorithm and can generate new passwords at the touch of a button. Users can set various options themselves or use the default settings. You can decide on the length of the passwords, upper and lower-case letters, numbers, and special characters. With one click of the mouse, the password manager creates an extremely secure password that cannot even be cracked by an experienced hacker.

The program stores the passwords and other registration data in a secure database, an SSL-encrypted vault. The password manager can securely store online registration data, passwords, payment details, and other personal information. Users can access their stored data from any device with the cloud functionality and automatic synchronization; however, only after users enter their unique master password.

The automatic form filler saves a lot of time.

On the one hand, every program creates secure passwords, while on the other hand managing all the data. Which other features are available differs among the password managers. Many developers continuously improve their software and add new, useful features. The automatic form filling function is both particularly handy and time-saving. Such forms can be found on almost all websites. With every online order, names, addresses, and many other fields must be filled in: a laborious, manual process. The password manager completely takes this off users’ hands, saving them a lot of time. All important registration information and passwords are stored in the secured database. In combination with a browser extension, the password manager can automatically fill in these data on all websites.

Set-up and use

  1. Installation of the password manager
  2. Setting up the browser extensions
  3. Setting up the user account
  4. Generating a secure master password (must not be forgotten)
  5. Importing all data from the browsers
  6. Optional installation of a mobile app
  7. Additional security by means of two-factor authentication (if available)
  8. Local data backup or in the cloud

Why no one should do without a password manager

A password manager is inexpensive and the small investment already bears fruits after a short period of time. Purchasers benefit from secure passwords and no longer have to remember them themselves. To access the encrypted database, they always have to enter their master password to then access the stored data from numerous devices. Surfing the Internet becomes significantly more comfortable and secure when forms are filled in automatically.

Do you need a recommendation for your system please give us a call and we will talk through your system and set-up and recommend the best solution for you