Avoid using these unsafe passwords or your account will get hacked easily.
It is said that the best passwords are the ones which are the hardest to guess. That saying is quite true.
The more unique a password is, the harder it is for a person’s account to be compromised by the hackers. That is also why people are recommended to use passwords which are as random as possible.
But not everyone does that, or so it seems. Humans keep using passwords online which are not only easy to guess but are extremely common too. We have evidence to prove that.
Nordpass, which is owned by the same company that owns infamous NordVPN and NordLocker, has released a list of the Top 200 most common passwords used on the internet.
Nordpass has compiled the list in partnership with independent researchers in cybersecurity, with over 4 TB worth of data. They have also broken up the data further based on 50 different countries and Male and Female genders whenever selected.
Here’s the list of top 10 most commonly used passwords worldwide:
- 123456
- 123456789
- 12345
- qwerty
- password
- 12345678
- 111111
- 123123
- 1234567890
- 1234567
As one can guess. Neither these passwords hard to guess, nor hard to crack, with all of them crack-able within just a single second.
But the problem is not just these passwords, the first password for example used by whopping 100 million plus user accounts worldwide alone. With the top 10 when combined, make almost 275 million plus user accounts.
Diversified password usage
As scary does the above passwords look, the most interesting thing about this research isn’t the top worldwide password users alone. It’s how they differ from countries to genders.
For example, in the United Kingdom, Liverpool, Arsenal and Charlie are in top 10. But it changes completely when male and female are taken into account. UK men love Chelsea, but their women love chocolate, at least as far as passwords are concerned.
In the United States the top passwords are similar to the global trends, but US women like using sunshine, iloveyou, princess more. How beautiful.
The French love loulou, marseille and tiffany. Here too women prefer chocolat (chocolate in French), in addition to doudou (Teddy), soleil (Sun), chouchou (Pet) and jetaime (I love you). Cute isn’t it. Interestingly, French don’t use the qwerty a lot in their passwords, instead azerty is used more as AZERTY version of keyboards are used in France instead of QWERTY keyboards. Goes to show that not a lot of thought goes into selecting passwords, even if you change the keyboards.
Germany surprisingly isn’t too different in top 10 than global average, but women there too love ichliebedich (I love you) and marchelle27, which is probably a common name there.
In Asian countries, Japan too isn’t spared from usage of common passwords, but in the land of anime, Doraemon isn’t even in top 40 for men (forget any other anime reference before that), however it has a lot of women using sakura in their passwords. Something which we guess is a probably common name in real too.
In Spain, looks like everyone really love their football. Both men and women have equal amount of usage of the password barcelona. But out of top 10, men really like realmadrid (Real Madrid) unlike the women who aren’t much interested.
The Nordpass report itself too specifies some interesting facts. For example, huge amount of people love using their own name in passwords. Then Onedirection, it seems, is still quite famous. In cars, people love Ferrari and Porsche. In bands, Metallica outranks others. Also, women significantly like using iloveyou more than men.
How are passwords cracked and accounts hacked
There are many ways to crack a password. But the most common methods that gets accounts hacked are through social engineering, brute force and through dictionary.
In social engineering, people are fooled into giving their passwords to their hackers. It happens when they click on a phishing link or open a perfectly legit looking fake site into which people enter and give away their username and passwords. Here cracking a password isn’t required.
When it comes to brute forcing. Hackers try randomly generated passwords (thousands of them in a single second) and try to crack accounts through it.
When it comes to cracking passwords through dictionary, as the name suggests, hackers use most commonly used passwords, feed them into their cracking tools and try cracking the passwords that way.
All above methods mean one thing. People online need to use better passwords.
How to make and use good passwords
The Nordpass report gives 5 points to follow good password habits, they are:
- Use complex passwords
- Never reuse passwords
- Regularly update passwords
- Check password strength
- Use a password manager
All above points are good. But frankly speaking, there are two ways to make and keep passwords.
The first way is to use a password manager, like Nordpass, Lastpass, Bitwarden, 1Password for online password storage. Or KeePassXC for storing your passwords locally, which is far safer than storing online but subject to data losses unless backed-up.
With password managers one can generate good, hard to remember, randomly generated passwords for each individual sites which is taken care by the password managers. This creates virtually un-crackable passwords, but users don’t remember any of them, which creates an over-reliance on password managers which can be messy in case it decides to stop working somehow.
The second method is to create one yourself. Pick three or more completely random and unrelated words, use Upper Case and lower case letters, add special characters like @#&/?* and others in between, use numbers in them, don’t forget using full stop (.), comma (,) in special characters too.
This ensures that you are creating strong and easy to remember passwords.
But people should remember to one, not share their password to anyone unknown or enter it on suspicious sites without thoroughly checking them and two, use different passwords on different sites.
