Choosing a password strains the little gray cells of ordinary users and cybersecurity professionals alike. And nothing makes people roll their eyes more than a reminder to use a unique password for each of their online accounts.
Meanwhile, most of the entries on the list of the worst passwords of 2020 took cybercriminals about 1 second to crack.
How the password vulnerability research was conducted
The compilers of the most-cracked passwords ranking, the creators of the password manager NordPass, worked with a third-party vendor to evaluate a database of 275,699,516 passwords. Of these, only 122,894,788, or 44%, were unique. The rest were repetitions of common, easy-to-remember passwords that left users highly vulnerable to online threats. Only 78 of the 200 most used passwords this year were new.
- The list shows how many users chose each password, how many times the password was cracked and how long it took to crack it.
- The creators of NordPass also compared the worst passwords of 2019 and 2020, showing how their positions have changed.
- Green arrows indicate a rise in position, and red arrows indicate a decline.
Leaders among the most cracked passwords
So, what has been the most popular (i.e. unreliable) password every year since 2013? No, it’s not “password”, which is number 4. And not even “qwerty”, which is only in 12th place.
In fact, “123456” is the champion in password vulnerability. And its longer cousin “123456789” takes the second position.
A newcomer to the top three is picture1, which took 3 hours to crack. Other new entries among the vulnerable passwords include naruto (112th place), password123 (120th place) and starwars (151st place).
Another interesting fact: the five most frequently used vulnerable passwords are used by over 4 million users in total. And this is only according to NordPass data, so the real number of those who choose simplicity over security may be much higher.
If your password is on the list of the most used in 2020, we recommend that you change it immediately. NordPass also recommends changing passwords every 90 days, mixing uppercase and lowercase letters, and creating a different password for each of your accounts.
How to protect your password from intruders
Password management apps (such as NordPass, 1Password, Dashlane, and LastPass) are currently the best method to mitigate the risks that passwords pose to individuals and organizations. Password managers are inexpensive and easy to use, giving users the ability to generate and store long random passwords.
You can also add a multi-factor authentication layer on top of the password manager to further protect your “secret store”. One password to remember is much better than several.
When choosing a password, avoid patterns and repetitions, such as letters or numbers that sit next to each other on the keyboard. Adding capital letters, symbols and numbers to the password in unexpected places will also make the hacker’s task much harder.
And what you should categorically never do is use personal information, such as a date of birth or names, as a password.
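The selection rules in this section can be expressed as a screening check that runs when a user sets a password. This is an added example, not code from NordPass or from the original article; the function names, the four-key run length and the sample personal tokens are assumptions, and the common-password set holds only the passwords named in this article.

```python
import re

# Passwords named in this article's 2020 ranking (a sample, not the full top 200).
COMMON = {"123456", "123456789", "picture1", "password", "qwerty",
          "naruto", "password123", "starwars"}

# Keyboard rows plus the alphabet, used to spot runs of neighbouring keys.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz"]


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, in either direction."""
    low = pw.lower()
    for row in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def has_repetition(pw, times=3):
    """True if a character repeats `times` in a row, or pw is one chunk repeated."""
    if re.search(r"(.)\1{%d,}" % (times - 1), pw):
        return True
    return re.fullmatch(r"(.{2,})\1+", pw) is not None


def contains_personal(pw, personal):
    """True if a personal token (name, birth year, ...) appears inside pw."""
    low = pw.lower()
    return any(len(t) >= 3 and t.lower() in low for t in personal)


def screen(pw, personal=()):
    """Return the reasons to reject pw; an empty list means no check fired."""
    reasons = []
    if pw.lower() in COMMON:
        reasons.append("common")
    if has_keyboard_run(pw):
        reasons.append("keyboard-run")
    if has_repetition(pw):
        reasons.append("repetition")
    if contains_personal(pw, personal):
        reasons.append("personal-info")
    return reasons
```

An empty result only means none of these four checks fired; it does not show that the password is unused on other accounts, which the check cannot see.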
Summing it up briefly
A secure password is not found in the public domain (for example, in dictionaries), is not used in other user accounts, and contains a few random characters that would take forever to guess.
Password fatigue is a real problem, and it can lead to personal data and other sensitive information being stolen by attackers. The creators of the password manager Dashlane recently surveyed 1,000 people about their security habits and found some interesting statistics:
- 89% of consumers felt safe with their current password management and password habits.
- However, 61% have used the same passwords on multiple sites.
Which age group most often uses the same passwords for different services? The answer may surprise you …