The Sad Reality of Password Security
Laziness and Carelessness Prevail
It’s no surprise that when it comes to computer security, people tend to be careless. Whether it’s due to laziness, difficulty remembering complex passwords, or simply not caring, the most commonly used passwords are also the worst from a security standpoint year after year.
NordPass Reveals the Top 200 Most Common Passwords
NordPass has recently released their 2023 edition of the top 200 most common passwords, and the results are not encouraging. Unsurprisingly, very few of the entries on the list are secure. In fact, the top 10 passwords can all be cracked in under a second using simple brute-force tools.
A Sea of Weak Passwords
The vast majority of the remaining passwords on the list are no better. Only a handful would pose a challenge for a hacker for more than a second, and only one password, “theworldinyourhand,” is virtually uncrackable. Ranked at number 173, it would take centuries to guess using brute force.
The Reign of Consecutive Numbers
Year after year, consecutive strings of numbers seem to be the people’s choice for passwords. Selections like “123,” “1234,” “12345,” “123456,” “12345678,” “123456789,” and “1234567890” dominate the top 10. These passwords offer little to no security.
Meeting IT Admin Requirements
To meet the requirements set by your work’s IT admin, you can always resort to using passwords like “Aa123456,” which contains a mix of uppercase and lowercase letters, as well as numbers. However, this password is still far from ideal and only slightly less lazy than the rest in the top 10.
The Persistence of “Password”
The word “password” itself ranks at number seven on the list. Interestingly, “Password” with a capital “P” just missed the top 10, coming in at 15th place. The lowercase version has consistently appeared in the top 10 since 2020, indicating that many users consider it a mere suggestion rather than a label.
The Lazy Default: “Admin”
The second most common password this year is “admin.” With over 4 million instances, it is surpassed only by the numerals one through six. “Admin” is often the default password on many devices, making it the epitome of laziness when it comes to password choices.
Unexpected Entries on the List
The 2023 list of common passwords has a few surprises. Just missing the top 10 at number 11 is “UNKNOWN,” which takes about 11 minutes to crack. While still not secure, it offers slightly more resistance than most passwords on the list.
Curious Combinations
Adding “123” to the end of “admin” actually makes it just as secure as “UNKNOWN.” Furthermore, inserting the “@” symbol between the word and the numbers increases the hack time to one hour. These combinations may seem clever, but they still fall short in terms of security.
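A check that screens new passwords against a common-password list and simple patterns, shown next to the usual composition rule that “Aa123456” satisfies; this is an added Python example, not code from the article or from NordPass. The blocklist holds only the passwords quoted in this article, and the function names, thresholds and the passphrase “copper-lantern-drift-42” are constructed for illustration.

```python
import re

# Constructed sample blocklist: only passwords the article names as being on
# the NordPass 2023 list. A real deployment loads a full common/breached corpus.
ARTICLE_LIST = ["123", "1234", "12345", "123456", "12345678", "123456789",
                "1234567890", "Aa123456", "password", "Password", "admin",
                "UNKNOWN", "Eliska81", "theworldinyourhand"]
BLOCKLIST = {p.casefold() for p in ARTICLE_LIST}

def meets_composition_rules(pw, min_len=8):
    """The typical 'IT admin' rule: minimum length plus upper, lower, digit."""
    return (len(pw) >= min_len
            and all(re.search(c, pw) for c in (r"[A-Z]", r"[a-z]", r"[0-9]")))

def longest_run(pw):
    """Length of the longest run of ascending neighbours, e.g. '1234' or 'abcd'."""
    best = cur = 1 if pw else 0
    for a, b in zip(pw, pw[1:]):
        cur = cur + 1 if ord(b) - ord(a) == 1 else 1
        best = max(best, cur)
    return best

def screen(pw, min_len=8, max_run=3):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    reasons = []
    folded = pw.casefold()
    if len(pw) < min_len:
        reasons.append("too short")
    if folded in BLOCKLIST:
        reasons.append("on common-password list")
    # Strip a trailing decoration of digits/symbols ("admin@123" -> "admin").
    base = re.sub(r"[\W\d_]+$", "", folded)
    if base != folded and base in BLOCKLIST:
        reasons.append("common password plus suffix")
    if longest_run(folded) > max_run:
        reasons.append("sequential run")
    return reasons

if __name__ == "__main__":
    # "copper-lantern-drift-42" is a constructed passphrase, not from the article.
    for pw in ("Aa123456", "admin@123", "theworldinyourhand",
               "copper-lantern-drift-42"):
        print(f"{pw!r}: composition={meets_composition_rules(pw)} "
              f"reject={screen(pw)}")
```

The composition rule accepts “Aa123456” and rejects the long constructed passphrase, while the screening function does the opposite.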
The Mystery of “Eliska81”
One password that stands out is “Eliska81,” ranked 40th on the list. It takes about 3 hours to crack, but the question remains: how did it become a common password used by 75,755 people? The origins of such a password are puzzling.
The Importance of Password Managers
With the availability of easy-to-use password managers, there are no valid excuses for poor password choices. One popular example is 1Password, which securely stores and automatically enters your login information using only one master password. Apple users also have the native Keychain app, which integrates well across devices and requires your device password or Face ID for access.
A Predictable Future
Despite the convenience of password management tools, it’s likely that we’ll continue to see a similar list of weak passwords in the future. It’s a sad reality that many users still prioritize convenience over security.