In an era of increasing cyber awareness, fueled by the need for many to work from home, millions of people are still using “123456” to secure their online activity. It was the most used password in 2020. Last year’s top spot was taken by the password “12345”. Here’s a tip folks, adding that extra digit doesn’t make the password any more secure!
A staggering 2,543,285 people used “123456” as a password in 2020. The second most popular password was “123456789”, the fifth most popular was “12345678”, followed by “111111”, “123123”, “12345”, and “1234567890”.
A new report from password manager, NordPass, says these numerical passwords can be cracked in less than a second. Also able to be cracked in less than a second is that old favorite “password” which was the fourth most popular. The third most popular password was a new entry in this year’s report – “picture1” and this took three hours to crack.
Using the word “password” in other languages doesn’t help much either, with “senha” (Portuguese) for example taking 10 seconds to crack. Other common alphabetical passwords include “qwerty”, “iloveyou”, “dragon”, “princess”, and “asdfghjkl” – yep, that’s the second line of letters on a standard keyboard.
Colors and names are also easy to crack, especially if you happen to be called “jordan” or “ashley”. And frustrated hackers may reach “fuckyou” quicker than you might think (less than a second).
As well as “picture1” and “senha”, there were several other new entries. “Million2”, “qqww1122” also featured in the top 20. The 36th entry in the report, “chatbooks”, was also new for 2020 and although commonly used by over 45,000 people it took one day to crack.
The password on NordPass’s list that took the longest to crack was “jobandtalent”. A new entry on this year’s list as the 54th most popular password in 2020, used by 34,512 people, this password took three years to crack.
NordPass advises against reusing passwords across multiple accounts. Instead, it recommends creating a unique one for each account and make them long: “Don’t settle for anything shorter than 12 characters, even more if you can. Use a mix of upper- and lower-case letters, numbers, and symbols to significantly lower the risk of getting your passwords cracked. Also, make sure to change your passwords at least every 90 days.”
NordPass offers a free password manager, which allows users to generate unique, strong passwords, securely store them in an encrypted vault, and use the autofill feature to log in to their online accounts.
Another tip, if you want to be able to remember your passwords yet still make them secure, is to use an unusual link that would be memorable only to you. For example, your Amazon password is the name of your favorite bird found in the Amazon rainforest along with a number of Google results for this bird in an image search. For a Microsoft login, you might think of the name of your favorite soft toy (Micro-soft, get it?) when you were a kid, along with the year you had it split reverse either side of the word, like “74Greeboo19”. Or it could be a word in an obscure foreign language with the latitude of the neighboring country. It depends how good your memory is and how connected (or bizarre!) your thinking is. Just avoid the obvious words, in any language. And no more 12345…
With more and more people working from home, and the likelihood that this shift will continue for many post-pandemic, as well as the number of connected devices, personal cybersecurity is as important for infrastructure resilience as cybersecurity in the workplace.