Much of our cultural life, along with many business operations, has moved into virtual space. We no longer go to the bank, but to the bank’s website or mobile app. We do not go to the store, but order goods from local or foreign websites.
One weak password can cause many problems. Suppose an attacker obtained the password for your primary mailbox. They learned that you use iCloud, reset its password through that mailbox, and locked your iPhone. Then they reset the password for your Facebook page and gained access to your personal messages. There the attacker found a photo of your documents, a phone number, and credit card details. They used this data in a chat with the bank, linked another phone number to the account, got in, and took your money.
Most services let us recover a password by sending a reset link to our mailbox through the “forgotten password” option. So an attacker only needs the password to our mail to learn where we have accounts and reset the passwords on them.
Experts such as the British National Cyber Security Centre (NCSC) have analyzed tens of millions of accounts exposed in recent breaches. From this data the NCSC compiled a list of the 100,000 most common, and therefore most “vulnerable,” passwords and published it on the Internet. If you see your password on this list, change it: attackers try these passwords first.
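As an added example (not part of the original article), here is how such a check can be done without ever sending the password anywhere: hash it with SHA-1, send only the first five hex characters of the hash to a breach-lookup service, and compare the returned suffixes locally. The range responses and the short common-password list below are constructed sample data, not the real NCSC file or real API output; the `offline_fetch_range` helper stands in for the HTTP request.

```python
import hashlib
from typing import Callable, Iterable, Tuple

# Constructed sample of a top-passwords list, standing in for the published
# NCSC file (one password per line). Not the real file.
SAMPLE_COMMON_PASSWORDS = ["123456", "123456789", "qwerty", "password", "111111"]

# Constructed sample of k-anonymity "range" responses, keyed by the first five
# hex characters of an upper-case SHA-1 hash. Each line is the remaining 35
# characters of a hash followed by ':' and a breach count. The suffix for
# "123456" is its real SHA-1 value; the counts are invented for this example.
SAMPLE_RANGES = {
    "7C4A8": (
        "D09CA3762AF61E59520943DC26494F8941B:23000000\n"  # SHA-1("123456")
        "0123456789ABCDEF0123456789ABCDEF012:2\n"         # unrelated hash
    ),
}


def sha1_upper(password: str) -> str:
    """Upper-case hex SHA-1 of the password, the format breach-lookup APIs use."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_hash(password: str) -> Tuple[str, str]:
    """Return (5-char prefix that may be sent, 35-char suffix that stays local)."""
    digest = sha1_upper(password)
    return digest[:5], digest[5:]


def offline_fetch_range(prefix: str) -> str:
    """Stand-in for an HTTP GET of /range/<prefix>; serves the constructed data.
    A live check would request https://api.pwnedpasswords.com/range/<prefix>
    and receive the same line format."""
    return SAMPLE_RANGES.get(prefix, "")


def breach_count(password: str,
                 fetch_range: Callable[[str], str] = offline_fetch_range) -> int:
    """Number of times the password appears in the breach corpus, or 0.
    Only the 5-char prefix leaves the machine; matching happens locally."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


def in_common_list(password: str,
                   common: Iterable[str] = SAMPLE_COMMON_PASSWORDS) -> bool:
    """Exact match against a downloaded list such as the NCSC top 100,000."""
    return password in set(common)


def assess(password: str) -> dict:
    """Combine both checks; either hit means 'change this password'."""
    count = breach_count(password)
    listed = in_common_list(password)
    return {"breach_count": count, "in_common_list": listed,
            "must_change": count > 0 or listed}


if __name__ == "__main__":
    for pw in ("123456", "Tr0ub4dor&3"):
        print(pw, assess(pw))
```

The point of the prefix split is that the lookup service learns only 5 of 40 hex characters, so it cannot tell which of the hundreds of hashes sharing that prefix you were asking about; the full list is downloadable for a purely offline exact-match check.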
18 Million Passwords Analyzed
The experts analyzed about 18.5 million passwords to find the weakest and most vulnerable ones. The larger part (11 million) came from general databases, leaked US AOL accounts, and hacked .edu users.
The second category (7.4 million) was country-specific: passwords from non-English-speaking countries (Germany, France, Russia, Italy, Spain) were analyzed.
This analysis helped identify the most used passwords, the general password patterns, and the cultural peculiarities of each nation.
The List of the Most Popular Passwords in the World
Password Creating Details and Trends
“123456” remains the most popular and one of the most frequently breached passwords. It appeared in 23 million breached accounts recorded in the database of the British National Cyber Security Centre.
The password “123456789” comes next, with 7.7 million breached accounts.
Passwords like “qwerty” and “password” were also frequent: 3.8 and 3.6 million breached accounts respectively.
3.11 million breached accounts used the password “111111”.
Attackers often guess passwords using the names of users or their loved ones. The most common “name” passwords in breached accounts were “ashley” (432,000), “michael” (425,000), “daniel” (368,000), “jessica” (324,000), and “charlie” (308,000).
People also like to use the names of their favorite sports teams, music bands, and film characters as passwords. In particular, the breached accounts contained hundreds of thousands of passwords like “liverpool,” “chelsea,” “50cent,” “eminem,” “metallica,” “superman,” “naruto,” “pokemon,” and “batman.” Passwords such as “Christ” and “Jesus” appeared 7,432 and 7,414 times, respectively.
And even if you think that a password like “gayASSfagpastebinleaks” cannot be guessed, you are wrong: it also appears on the list of passwords found in breached accounts, though of course not in the same quantities as “123456.” Once a password is in a leaked list, attackers try it as a whole; its length and oddity no longer protect it.
Many European users, mostly Spanish and Italian (about 5% of all users), tend to use their first names as passwords. Russians and Germans come second (3%). Russians, however, prefer keyboard patterns over meaningful words, for example alphanumeric sequences typed across the keyboard.
Hackers’ Top Passwords List
The experts also compared the identified passwords with those that attackers use when they test login security. Such attack lists are built from several programs and sources: the password-cracking program John the Ripper, the network discovery tool Nmap (which ships credential lists for its brute-force scripts), lists of the most used passwords, and credentials captured by honeypots.
The list is as follows:
Compared with the data gathered before, we see that “123456,” “password,” and “123456789” are the weakest and most used passwords all over the world. According to this comparison, such numeric patterns are common across 80% of the world’s population.
How to Create a Strong Password
Specialists often say that a password should be a random string drawn from the most unimaginable set of characters, like tMx$ccogV1#a. Such passwords have a disadvantage: they cannot be memorized, so you must either store them in the browser or application (which in many ways defeats the purpose of entering a password) or type them “from the sheet” every time. And if you lose the paper with the password, you will not be able to recall it.
So the vast majority of people prefer memorable passwords. However, the more obvious the password is, the easier it is to crack.
- The sensible way is to pick a password obvious to yourself but not to others (not even to those who know you well or can find things out about you). For example, if you fear your accounts being hacked by relatives or friends, do not use your date of birth, mobile phone number, name, favorite sports team, and so on.
- It is wise to pick a word that only you will keep in mind and complicate it with numbers. For this purpose you can reverse a rarely used word and append some digits, say a year of birth. Such a password is harder to guess than the plain word and easy to remember. Bear in mind, though, that cracking tools apply word-mangling rules (reversal, appended years, capitalization) automatically, so the word must be genuinely obscure and the result long; several unrelated words joined together resist such rules far better than one mangled word.
- Besides, even if you insist on one password for everything else, it is reasonable to use a unique password for your mailbox. Then whoever breaks into any of the many services you have accounts on will not get the password to your mailbox as well.
Many services now require a password to contain letters in both cases, as well as digits and characters from the “brackets and commas” set. Hence, if you want to use the same password everywhere, make it meet all standard criteria in advance rather than modifying it each time a site demands it. Otherwise you will soon forget where you inserted the capital letter and where you added the digit to adapt the base password to a service’s requirements, or you will have to request a password reset by mail on many sites.
How to make a password meet most requirements and still remember it is therefore very relevant. Even if we choose a mnemonic set of letters such as “bonbhitq” (“be or not be, here is the question”), different sites may require two upper-case letters, two digits, and two symbols from the punctuation set. A memorable password suitable for most services may therefore look like this: bonb(1976)hitq (capitalize a couple of letters, say the two b’s, where a service demands upper case).
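The following is an added example, not from the original article, that puts the advice above to the test: it shows how quickly a simple rule-based cracker reaches a “reversed word plus year” password, computes the entropy of random passwords and multi-word passphrases, and generates both with Python’s `secrets` module. The six-word `WORDLIST` is a constructed stand-in for a real cracking dictionary, and the 10 billion guesses per second used for timing is an assumed rate, not a measurement.

```python
import math
import secrets
import string
from typing import Iterable, Iterator, Optional

# Constructed mini wordlist standing in for a real cracking dictionary.
WORDLIST = ["password", "liverpool", "metallica", "sunshine", "dragon", "welcome"]
YEARS = range(1940, 2025)


def mangled_candidates(words: Iterable[str], years=YEARS) -> Iterator[str]:
    """Guesses in the order a simple rule set would try them: the word, its
    reverse, capitalised variants, each alone and with an appended year."""
    for word in words:
        for base in (word, word[::-1], word.capitalize(), word[::-1].capitalize()):
            yield base
            for year in years:
                yield f"{base}{year}"


def guesses_until(target: str, words: Iterable[str] = WORDLIST) -> Optional[int]:
    """How many rule-generated guesses it takes to hit the target (None if never)."""
    for n, guess in enumerate(mangled_candidates(words), start=1):
        if guess == target:
            return n
    return None


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def crack_time_seconds(bits: float, guesses_per_second: float = 1e10) -> float:
    """Expected time to find a uniformly random secret: half the keyspace
    at the given guess rate (assumed, for illustration only)."""
    return (2 ** bits) / 2 / guesses_per_second


PRINTABLE = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def random_password(length: int = 16, alphabet: str = PRINTABLE) -> str:
    """Random password of the tMx$ccogV1#a kind, built with the `secrets` module."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_passphrase(words: Iterable[str], count: int = 5, sep: str = "-") -> str:
    """Memorable passphrase: `count` words drawn uniformly from a word list.
    With a 7776-word list each word adds about 12.9 bits of entropy."""
    pool = list(words)
    return sep.join(secrets.choice(pool) for _ in range(count))


if __name__ == "__main__":
    print("reversed word + year found after", guesses_until("drowssap1976"), "guesses")
    print("12 random printable chars:", round(entropy_bits(len(PRINTABLE), 12), 1), "bits")
    print("5 words from a 7776-word list:", round(entropy_bits(7776, 5), 1), "bits")
    print("example password:", random_password())
    print("example passphrase:", random_passphrase(WORDLIST))
```

Running it shows that “drowssap1976” falls within the first few hundred guesses even from a six-word dictionary, because reversal and year suffixes are standard mangling rules; a 12-character random string is around 79 bits, and five words from a large list around 64 bits, both far beyond what a rule-based attack reaches.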
Where to Keep Passwords
It is best to keep passwords in your head; nobody can read them there without your help. If you write them on paper or save them in smartphone notes, those methods are unreliable, since there is always a chance that others will see the notes. So be careful.
A new password is always hard to remember. The best way to learn it is not to save it the first time but to enter it manually. After a few dozen entries, muscle memory develops and you start typing the password automatically.
It is harder to remember many passwords at once. For such cases there are password managers such as KeePass, LastPass, or RoboForm: programs that remember and store passwords for you. All you have to do is invent and remember one master password for signing in to the manager. Since it protects every other password, make it the longest and most complex of all.
How Not to Give Away Your Password
It is not enough to think of a strong password; you also have to be careful not to reveal it to attackers. Keeping passwords in your head is the first step, but that is not enough, because attackers can intercept a password at the moment of entry (a phishing page that imitates the real login form, or a keylogger on the machine). To keep your passwords private:
- Create a unique password for each important service.
- Enable two-factor authentication wherever it is offered.
- Do not save passwords in the browser.
- Do not enter passwords on sites without HTTPS (a valid TLS certificate, shown as a padlock in the address bar).
- Do not tell anyone your password. Not friends. Not parents.
- Change your password whenever you suspect it may have been stolen. Otherwise, change it at least once every 6 months; note that current guidance such as NIST SP 800-63B values a unique, uncompromised password over calendar-based rotation, so a leaked password is the real trigger for a change.
You cannot avoid the problem entirely. Even if you do not buy goods online and do not use the Internet at all, your data can still leak. The digitization of business means that even if you simply show a passport at a travel agency or pay with a card in a store, that data can leak from a third-party company that performs outsourced work for those enterprises.