Several security researchers have released their findings on the most common passwords of 2021. It appears that the message is not getting through because the same weakest of the weak passwords are still the most common.
To show just how terrible they are, NordPass has gone further and included the time it would take to crack them. See for yourself.
Top 20 passwords of 2021
1. 123456
2. 123456789
3. 12345
4. qwerty
5. password
6. 12345678
7. 111111
8. 123123
9. 1234567890
10. 1234567
11. qwerty123
12. 000000
13. 1q2w3e
14. aa12345678
15. abc123
16. password1
17. 1234
18. qwertyuiop
19. 123321
20. password123
These are all useless, and unfortunately, the whole list up to number 200 is made up of similarly weak ones. Further down the line, we see passwords like ‘thomas’ and many other names, usually the names of children or pets.
So, just how long would it take to crack the 20 most common passwords?
Less than 1 second for each and every one of them, save for number 14, which takes all of 2 seconds to crack. To be honest, it’s as good as having no password at all.
Why do we use such weak passwords?
- Too many signups – With more of our lives being lived on the internet, we have to sign up to a lot of online platforms and services. The advice we get is to not use the same password for the different platforms and so we are expected to come up with and remember a lot of passwords. Sometimes we are even prohibited from using the password we use for other platforms during the signup process for a new platform. In the end we just end up using number 17 ‘1234’ to get it over with.
- We don’t think it’s a big deal – Sometimes when forced to create an account for a service like Quora, one just does the bare minimum. The simplest password you know you won’t forget for a platform where you are not chatting with friends or posting any pictures. If someone were to hack into your Quora account, truth is, you probably wouldn’t care one bit. Hence the nonchalance.
- Naivety / Ignorance – Sometimes we think it’s quite clever to use something like ‘1q2w3e’. It’s not. The one I use on my internet banking platform is much more clever than that, ‘5edP&%–KL__0@*TRp’. You are not hacking that in 1 second, I’ll tell you that. Just kidding, don’t do that, never ever share your password, even with supposed bank officials.
- Being forced to change passwords regularly – system admins should note this. When you force us to change passwords every other month, we are going to use simple and weak ones we can remember, as research has shown.
Why it’s a mistake to think that way
Some of the lazy efforts are because we think we just aren’t targets. It’s hard to imagine a skilled team of hackers in Russia trying to get into my Facebook. After all, what would they want with me and the $5.73 in my bank account?
To be honest, most of us just aren’t targets for such hackers. That doesn’t mean we should get complacent. It may not be an international gang of hackers but there are people who would cause havoc for you if they accessed your account.
How many times have you seen some people you know apologising after they posted lewd pictures on their Facebook? “I was hacked,” is usually the claim. We don’t believe most of them but some of them were indeed ‘hacked’ by people close to them. With weak passwords like the ones above, it is easy for a menace to cause you untold embarrassment.
Also consider that access to your various accounts helps paint a clearer picture of you: your family and their names, your pets, your hobbies, what you search for, etc. That makes it a little easier to ‘crack’ the passwords to other, more important accounts. Here in Zimbabwe, a lot of people have been blackmailed by hackers who have compromising messages or pictures. So you definitely can be a target too.
Password managers
There are services called password managers and they could help us with this weak protection problem of ours. These managers will create and remember strong passwords for you. That way you could use virtually unhackable passwords for all your accounts.
All you will have to remember is one, the master password. Since it is just one password you will have to remember, it can be a strong one. That makes for better security.
Password managers are not perfect but if it means ‘password’ won’t be used as a password, we might as well use them. You can check out the best managers here.
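An added example, not part of the original article: a signup-time check that rejects anything on the top-20 list above, next to the kind of random password a manager generates. The function names, the `min_length` policy and the 94-symbol alphabet are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Top 20 from the list above, in rank order (rank 1 = most common).
TOP20 = [
    "123456", "123456789", "12345", "qwerty", "password", "12345678",
    "111111", "123123", "1234567890", "1234567", "qwerty123", "000000",
    "1q2w3e", "aa12345678", "abc123", "password1", "1234", "qwertyuiop",
    "123321", "password123",
]
# Assumed alphabet: ASCII letters, digits and punctuation (94 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def list_rank(password):
    """1-based position in TOP20 (case-insensitive), or None if not listed."""
    lowered = password.lower()
    return TOP20.index(lowered) + 1 if lowered in TOP20 else None


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a password whose characters are drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_password(length=20):
    """Manager-style password: every character picked with a CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def screen(password, min_length=12):
    """Signup check returning (accepted, reason). min_length is an assumed policy."""
    rank = list_rank(password)
    if rank is not None:
        return False, f"number {rank} on the most-common list"
    if len(password) < min_length:
        return False, f"shorter than {min_length} characters"
    if len(set(password)) <= 2:
        return False, "one or two characters repeated"
    return True, "not on the list; length and variety acceptable"


if __name__ == "__main__":
    for candidate in ["1234", "Password123", "aaaaaaaaaaaa", generate_password()]:
        print(repr(candidate), screen(candidate))
    print(f"20 random characters: about {random_bits(20):.0f} bits")
```

A listed password is found within as many guesses as its rank, while 20 random characters from this alphabet carry about 131 bits.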
What’s your take?