Weak passwords remain a problem on the Internet today. It seems that many users continue to choose weak passwords that were weak 20 years ago and remain the weakest passwords even now. Presumably it's a degree of convenience and a degree of not-knowing-better that play a role here.
nordpass has issued This is the sixth annual password report of the top 200 most common passwords. The company analyzed a 2.5 terabyte database that it “extracted from various publicly available sources”.
Comment: There is a possibility that NordPass could not crack the entire list of passwords. That said, if any of your passwords are found on such a list, it's best to change it to something more secure immediately.
The top 10 across all countries are as follows:
- 123456
- 123456789
- 12345678
- Password
- qwerty123
- qwerty1
- 111111
- 12345
- Secret
- 123123
You can see separate lists of 44 countries or similar for corporate passwords, which NordPass lists in a separate list.
All non-corporate passwords in the top 10 are cracked in less than a second, according to NordPass. The other 190 passwords use the same scheme and most are also cracked in less than a second. While numbers and QWERTY dominate, the list also includes single words and even some passwords that are more complex.
Related Content:
How long does it take to crack a password in 2024?
You find tag12wsx in position 30. According to NordPass it was viewed more than 90,000 times. Other examples include 111222tianya, which was found over 44,000 times, and chess, which was found over 23,000 times.
If you take a closer look at the password, you can notice the absence of symbols. While there are one or two passwords containing the @-symbol, a few with !, and g:czechout that take the longest to crack in the entire list, almost no symbols are used in the entire list.
The other interesting thing is that there are hardly any capital letters in it. The first uppercase letter found in the password is ins, which is at the 26th position. Next is Qwerty123, at position 36 and Qwerty123! At position 46.
to sum it up:
- The most common passwords use only lowercase letters and numbers for the most part.
- Symbols and capital letters are almost absent in the entire list.
NordPass' findings:
- Password 123456 is still the worst password in the world.
- Corporate passwords and non-corporate passwords are not that different from a security perspective.
- There seems to be no improvement compared to six years ago.
The list highlights a problem, but it's not yours
NordPass suggests that users can improve their password security by using a password manager. This is the main takeaway from all the weak password lists.
Unless you're really good at remembering strong unique passwords, password managers are the best option. There are plenty of free options available.
KeePass, which also remains my personal favorite app bitwardenWhich is also excellent and open source. It depends on your individual usage scenarios.
The main advantage of the password manager is that it creates and stores as many strong unique passwords as you need. BitWarden is a little easier to use if you need syncing, but both support it in some form.
The good news is that you can get started right away if you haven't already. Most regular people on Ghacks are probably already using a password manager or multiple managers. The password manager takes a few minutes to download and install. Support importing from multiple browsers and many other apps. You may need some time to change a weak password to a secure one, but the heavy work is done by the password manager.
Passkeys, an upcoming standard that replaces passwords with keys stored on users' devices, won't be replacing passwords any time soon. The pace of adoption is increasing, but it is still slow. Many Internet services, systems or apps do not yet support the standard. Many Internet users may find a system too complex to use, at least for years to come.
What is your opinion on this analysis? Do you occasionally use weak passwords, or do you use highly secure passwords even for useless accounts? Feel free to leave a comment below.
Thanks for reading..
