Passwords protect access to our accounts. For some reason, we think “123456” or “password” will do this successfully.
Are passwords still black magic for us?
Did remote and hybrid work contribute to users’ awareness of online threats? Perhaps it is so, but the truth is that we are still making mistakes in the fundamental problem of strong passwords. Even if we know the rules, we don’t always stick to them – as the following transcript of a study by NordPass shows.
Millions of people put in passwords that can be hacked in less than a second
Experts from NordPass analyzed the “weight” of 3 terabytes of password databases that they managed to crack. On this basis, it was possible to determine which of them are repeated most often. In short – what are the worst passwords: They are frequently used by third parties and can be easily intercepted.
absolute One number turned into a “password” – This password has been found about 5 million times in the described database alone. Meanwhile, it currently takes less than 1 second to break it. A cybercriminal needs the same amount to hack the next password in the order: “123456”. Also, don’t think that adding the next three numbers changes anything – “123456789” standing on the lowest rung of the platform can also be discovered in less than a second. What was then…?
Worst passwords of 2022:
- Password (breakable in less than 1 second)
- 123456 (for penetration under 1 second)
- 123456789 (breakable in less than 1 second)
- Guest (breakable in 10 seconds)
- qwerty (breakable in less than 1 second)
- 12345678 (breakable in less than 1 second)
- 111111 (to hack under 1 second)
- 12345 (to break under 1 second)
- col123456 (breakable in 11 seconds)
- 123123 (breakable in less than 1 second)
- 1,234,567 (breakable in less than 1 second)
- 1234 (breakable in less than 1 second)
- 1234567890 (breakable in less than 1 second)
- 000000 (breakable in less than 1 second)
- 555555 (breakable in less than 1 second)
- 666,666 (breakable in less than 1 second)
- 123321 (breakable in less than 1 second)
- 654321 (breakable in less than 1 second)
- 7,777,777 (breakable in less than 1 second)
- 123 (for breakage under 1 second)
- D1lakiss (breakable in 3 hours)
- 777777 (breakable in less than 1 second)
- 110110jp (to break in 3 seconds)
- 1111 (for penetration under 1 second)
- 987654321 (breakable in less than 1 second)
If you think “1q2w3e4r” is more creative, then… no – it’s not (it’s the 32nd). In turn, “iloveyou” ranks 43rd, and “1qaz2wsx” ranks 55th. The password that requires the longest cracking in the TOP 200 ranking is “marseille” from 168th – but it’s still only a day.
What are we doing wrong?
What’s wrong with all these passwords? Well, they are breaking the basic rules. First of all: it’s too short – in fact, the length of the password plays a major role. A good password should contain ten characters or even more.
Clarification: XKCD (CC BY 2.5)
Second, they are easy to guess because they either contain natural strings on the keyboard, or real words that are present. This is also a big mistake. A good password should be easy to remember, but hard to guess.
Of course it all depends…
Of course, a bank account password is something other than a website that we want to log into once and never come back to. However, believing that the passwords in this report only apply to the latter situation may be a sign of naivety.
Source: NordPass, Softpedia
“Infuriatingly humble musicaholic. Problem solver. Reader. Hardcore writer. Alcohol evangelist.”
Didymus is a space racer. He moves so fast that he suffers the consequences
How about turning leaves into electricity generators? A team of scientists came up with an unusual idea
Black holes absorb light but also produce shadows. How does that happen?