Home / News / Culture Watch / What were the worst passwords for the past year?
worst passwords

What were the worst passwords for the past year?

NordPass has published its annual research on the most common or worst passwords of the year.

The most popular passwords of 2020 were easy-to-guess number combinations, such as “123456,” the word “password,” “qwerty,” “iloveyou,” and other uncomplicated phrases.

The list of passwords was compiled in partnership with a third-party provider, which evaluated a database that contained 275,699,516 passwords in total. Of those, only 122,894,788 were unique. This is only 44% of unique passwords.

“Despite the constant reminders from cybersecurity experts, after comparing the list of the most common passwords of 2020 with the same list from 2019, it became pretty clear that people are still using very simple passwords, and a lot of them are similar to the ones they used last year,” said NordPass.

Only less than half (78) passwords were new on the 2020 “most popular” list.

If you recognize your password among the top 200, cybersecurity expert Chad Hammond suggests changing it immediately.

“Most of these passwords can be hacked in less than a second. Also, they have already been exposed in previous data breaches. For example, the most popular password “123456” has been breached 23,597,311 times.”

Hammond also warns about the threats of not using a unique password or using one that’s easy to hack. “For example, your weak password can be used for credential stuffing attacks, where the breached logins are used to gain unauthorized access to user accounts.

If you fall victim to a credential stuffing attack, you might lose your Facebook or another important account with all its content.

“Also, your email address could be used for phishing attacks or for scamming your family and friends, who may very well fall for it, as the email will supposedly be coming from you,” said Hammond.

READ: End of the year is a good time for a financial review and tune-up

 

What do cybersecurity experts advise?

Use complex, lengthy, and unique passwords and store them in a password manager.

Use 2FA if possible.

Delete the accounts you no longer use and regularly check the ones you do for suspicious activity.

Try Password Salting — adding random characters to the passwords before it’s hashed.

“Ashley” was the most popular name used as a password last year (26th place). This year, not only did it drop to the 31st position, but was also beaten by “aaron431” (18th place), which became the most popular name for a password.

 

How to create stronger passwords

Avoid using dictionary words, number combinations, or strings of adjacent keyboard combinations. For instance, “password,” “qwerty,” or “123456” are terrible passwords, as they are too easy to crack.

Also, refrain from repetitive characters, such as “aaaa” or “123abc”, and under no circumstances choose passwords based on personal details that might not be completely confidential, such as your phone number, birth date, or name.

 

How to create a strong password

Never reuse passwords across multiple accounts. Create a unique one for each account and make them long — don’t settle for anything shorter than 12 characters, even more if you can.

Use a mix of upper- and lower-case letters, numbers, and symbols to significantly lower the risk of getting your passwords cracked. Also, make sure to change your passwords at least every 90 days.

To create a complex, robust password, take advantage of a Password Generator.

 

The Top Ten Worst Passwords

Here are the Top Ten on NordPass’s list of the Top 200 Worst Passwords;

  1. 123456
  2. 123456789
  3. picture1
  4. password
  5. 12345678
  6. 111111
  7. 123123
  8. 12345
  9. 1234567890
  10. senha

For the complete list go here.

X
X