Despite growing cybersecurity threats, the one area that is within easy reach also seems to be the one that gets ignored the most.
The annual list of ‘worst passwords’ is out. Cybersecurity company NordPass has announced the ‘Most common passwords’ of 2022 list.
NordPass worked with independent cybersecurity specialists and evaluated a 3-terabyte database of cybersecurity incident research across 30 countries this year.
The study noted a recurring pattern that has persisted over the years — people tend to use numbers in sequence and base their passwords on themes like current events, fashion brands, and sports.
“Here are the top 200 most common passwords in 2022. We learned that despite growing cybersecurity awareness, old habits die hard. The research shows that people still use weak passwords to protect their accounts. This year, we looked at how culture impacts passwords. Explore the list now,” NordPass said in a statement.
This year “password” was used nearly five million times in their sample, eclipsing all other weak passwords by a significant margin.
Though password choices have not changed much from year to year, NordPass’s 2021 sample was slightly different. Then, the password “123456” topped global rankings, and “password” was second, but number sequences were just as popular as they are now.
As such, most of the 200 other passwords in this year’s study comprise number sequences starting with “123,” or variations like a string of zeros, ones, or other numbers. Other weak examples included “iloveyou,” “football,” and “samsung.”
MOST PASSWORDS CAN BE HACKED IN LESS THAN ONE SECOND
Most of the passwords in the top 200 list could be cracked — or hacked — in less than one second. Some, like “guest” and “col123456,” take around 10 seconds, while others, like “Groupd2013”, can take up to 3 hours.
However, longer passwords such as “9136668099” take 4 days to crack, the study showed. This proves that passwords that are ten characters or longer — but not in a typical sequence — are immeasurably safer.
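A screening check for the patterns the study describes (listed passwords, digit sequences, repeated characters, fewer than ten characters), as an added example that is not NordPass's code. The blocklist is constructed from passwords quoted in this article, and the function names are hypothetical.

```python
import re

# Constructed blocklist: only weak passwords quoted in this article.
# Assumption: a real deployment would load a full published list instead.
COMMON = {"password", "123456", "iloveyou", "football", "samsung",
          "guest", "tinder", "oscars", "batman"}
MIN_LENGTH = 10  # the article's "ten characters or longer"

def is_digit_run(s):
    """True for ascending or descending digit runs (123456, 987654), wrapping 9->0."""
    if len(s) < 3 or not s.isdigit():
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(s, s[1:])}
    return steps in ({1}, {9})

def screen_password(candidate):
    """Return the reasons to reject candidate; an empty list means no pattern matched."""
    reasons = []
    lowered = candidate.lower()
    if len(candidate) < MIN_LENGTH:
        reasons.append("shorter than 10 characters")
    if lowered in COMMON:
        reasons.append("on common-password list")
    if len(set(candidate)) == 1:
        reasons.append("single repeated character")
    if is_digit_run(candidate):
        reasons.append("digit sequence")
    # Short text padded with a digit run, e.g. "col123456".
    m = re.fullmatch(r"(\D*)(\d{3,})", lowered)
    if m and m.group(1) and is_digit_run(m.group(2)):
        reasons.append("text followed by digit sequence")
    return reasons

if __name__ == "__main__":
    for pw in ["password", "123456", "col123456", "0000000000", "9136668099"]:
        print(pw, "->", screen_password(pw) or "no listed pattern matched")
```

An empty result only means none of these patterns matched; it is not a strength estimate.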
HOW CURRENT EVENTS AFFECT USER PASSWORD CHOICE
Users tend to get inspired by current events when creating their passwords. “There’s more than one way to get swindled on Tinder,” NordPass said, referencing the use of the dating app as a password 36,384 times in the study. “Using ‘tinder’ as your password is riskier than swiping right on a billionaire.”
Users were also inspired by events like the Oscars, resulting in the password “Oscars” being used 62,983 times. Popular films and shows such as Encanto, Euphoria, and Batman, which were released between 2021 and 2022, are still popular password choices, NordPass said. For instance, the password “batman” was used 2,562,772 times.
“While the worst passwords may change every year, human beings are creatures of habit. Every year, researchers notice the same pattern — sports teams, movie characters, and food items dominate every password list,” the study said.
PASSWORD REUSE IS DANGEROUS
Using easily guessable credentials is one thing, but reusing them across multiple accounts can unfold into large-scale hacking campaigns and personal compromise. A recent study by password manager Dashlane said over 50 percent of passwords are reused globally.
For instance, hackers can breach millions of accounts by “stuffing” websites with stolen, weak credentials via automated programs — a.k.a. a credential stuffing attack. Credential lists often end up for sale on the dark web, where anyone can easily buy them with cryptocurrency.
In one such case in September, hackers were able to breach Microsoft Exchange servers — used by millions of enterprises worldwide primarily for email — and deploy malicious applications onto these servers to target users with phishing emails, which can lead to financial theft or identity fraud.
Another example — among the biggest cybersecurity incidents to make the news this year — was this month’s Australian Medibank hack, which the company’s CEO said may have been caused by a stolen password.
Password security is vital. To make malicious actors’ lives more difficult, use password managers, which can store all of your passwords in a secure locker as well as create complex and secure passwords for your accounts.