The most common passwords used in 2021 have been revealed, and to call them an embarrassment would be an understatement to say the least.
According to a new report from NordPass, a service that provides a password manager program, a worrying amount of users still rely on extremely weak passwords.
The top 200 most common passwords of 2021 study, covering 50 countries, reveals that “123456” remains as the most popular password for the second year running. More than 103 million people use it for log-in purposes, even though it’d take less than a single second to crack it.
Other frequently used passwords within the top 10 list largely consist of number-based passes like “123456789,” which is utilized by 46 million individuals. The only two that don’t contain a numerical form are “qwerty,” and of course, “password.” They’re applied by 22.3 million and 20.9 million users, respectively.
When it comes to other bad password choices, a “stunning” number of people opted to make their own names as their preferred password. Elsewhere, Ferrari and Porsche are the most popular car brands in regard to weak passwords.
Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene.
While the vast majority of the top 200 most common passwords can be cracked in less than a second — or a few seconds in some cases — there are some that would take considerably longer to gain access to. “1g2w3e4r” and “gwerty123,” both used by a million people, would take three hours to crack. Interestingly, removing the “123” from “gwerty” makes it a much easier target, as it’ll only take five seconds to crack.
Rounding out the passwords in the list that’ll take between 1-3 hours to penetrate are “michelle,” “jennifer,” “myspace1,” and “zag12wsx.”
NordPass’s methodology for forming its research involved working with independent researchers who specialize in the cybersecurity incident research field. The most common password list was compiled via an evaluation of a 4TB database containing leaked passes.
“Unfortunately, passwords keep getting weaker, and people still don’t maintain proper password hygiene,” Jonas Karklys, CEO of NordPass told Lifewire. “It’s important to understand that passwords are the gateway to our digital lives, and with us spending more and more time online, it’s becoming enormously important to take better care of our cybersecurity.”
Fixing the problem
So, how does one go about adding additional layers of security that will better protect their passwords? It goes without saying that no one should use “123456” as their entry point for any account — or any of the passwords in the aforementioned report for that matter. Password managers have become commonplace and are usually a reliable resort, while two-factor authentication should also be considered as another safety measure.
When factoring in their security deficiencies, passwords, in general, are naturally the most common target for hackers. In fact, 81% of hacking-related breaches are achieved through weak or stolen passwords.
“The single most common security vulnerability today is still bad passwords.”
“Weak passwords are the entry point for the majority of attacks across enterprise and consumer accounts. There are a whopping 579 password attacks every second — that’s 18 billion every year,” Microsoft detailed in September.
Apple, meanwhile, has integrated a newer form of tech into its devices through iCloud Passkey, which effectively gets rid of passwords and offers a more secure process via Public Key Cryptography.
Apple joins both Microsoft and Google in envisioning a future for passwordless authentication. Software giant Microsoft, for one, has already seen more than 200 million users enabling passwordless login for its services.
“The single most common security vulnerability today is still bad passwords,” Jen Fitzpatrick, senior vice president of core systems at Google, stated in May. “Ultimately, we’re on a mission to create a password-free future.”