Foltyn: These passwords may win the popularity contest but lose flat out in security

Year after year, analyses show that millions of people make, to put it mildly, questionable choices when it comes to the passwords they use to protect their accounts. And fresh statistics for the year that is drawing to a close confirm that bad habits do die hard and many people willingly put themselves in the firing line of account-takeover attacks.

Drawing on an analysis of a total of 500 million passwords that were leaked in various data breaches in 2019, NordPass found that ‘12345’, ‘123456’ and ‘123456789’ reigned supreme in order of frequency. Between them, these numerical strings were used to ‘secure’ a total of 6.3 million accounts. It doesn’t get much more optimistic further down the list, however, as these three choices were followed by ‘test1’ and, the one and only, ‘password’.

Somewhat predictably, the chart is overall replete with many usual suspects among the most common passwords – think ‘asdf’, ‘qwerty’, ‘iloveyou’ and various other stalwart choices. Other supremely hackable passwords – including simple numerical strings, common names, and rows of keys – also abound. Much the same picture is painted annually by SplashData’s lists of the most-used passwords, such as last year, the year before that, and so on.

The entire list of the 200 most popular passwords is available in NordPass’ blog post, but here’s at least the top 25. Let that sink in.

1 12345

2 123456

3 123456789

4 test1

5 password

6 12345678

7 zinch

8 g_czechout

9 asdf

10 qwerty

11 1234567890

12 1234567

13 Aa123456.

14 iloveyou

15 1234

16 abc123

17 111111

18 123123

19 dubsmash

20 test

21 princess

22 qwertyuiop

23 sunshine

24 BvtTest123

25 11111

Eerily familiar?

If you recognize any of the above as your own, then fixing your passwords is almost certainly one of the things that deserve a place on your laundry list of New Year’s resolutions. For starters, fixing here means not having the exact same idea as millions of other people when you’re signing up to a service and are asked to create your password.

One way to go about this is opt for a passphrase, which, if done right, is generally a tougher nut to crack as well as easier to remember. The latter is especially useful if you don’t use password management software, which, somewhat unsurprisingly, has been shown to benefit both password strength and uniqueness. Yes, that passphrase should, of course, be unique for each of your online accounts, as recycling your passwords across various services is tantamount to asking for trouble.

You may also want to watch out for password leaks. There are a number of services these days where you can check if your login credentials may have been caught up in a known breach. Some of them even offer you the option to sign up for alerts if your login information is compromised in a breach.

In fact, as ours is an era where login data are compromised by the millions, why settle for one line of defence if you can have two? At the risk of repeating ourselves, two-factor authentication is a highly valuable way to add an additional layer of security to online accounts on top of your password.

About the author

Tomas Foltyn is a security writer at Eset, a global IT and cyber security solutions provider.

Copyright 2019 Al Hilal Publishing and Marketing Group Provided by SyndiGate Media Inc. (Syndigate.info).

Disclaimer: The content of this article is syndicated or provided to this website from an external third party provider. We are not responsible for, and do not control, such external websites, entities, applications or media publishers. The body of the text is provided on an “as is” and “as available” basis and has not been edited in any way. Neither we nor our affiliates guarantee the accuracy of or endorse the views or opinions expressed in this article. Read our full disclaimer policy here.