Stop the presses: “password” is not a good password
A raft of recent research has once again revealed that many of us are still absolutely terrible when it comes to creating strong password.
This includes a new report from password manager Nordpass, which examined a database that totals over 3TB of compromised passwords and spans users from 30 countries in order to reveal the top 200 passwords (opens in new tab), ranking entries by how many instances were found, how easy they were to crack, in addition to popularity by country and, where possible, gender.
Perhaps unsurprisingly, Nordpass found that “password” remains the top choice, with “12345” taking the second spot worldwide.
Weak password trends
The rest of the list is largely comprised of other variants of letters and numbers not-so randomly stuck together, with “quertyuiop” (the top letter row of most English-language keyboards), sitting at rank 36 globally.
Direct comparisons of the Nordpass data show that no one gender is more security conscious than the other, they simply make bad choices differently.
For example, in a comparison of the top ten passwords in the UK, males largely choose the names of football teams (“liverpool”, “arsenal” and “chelsea” are ranked fifth, sixth, and eighth amongst them, respectively), while women picked names (“charlie”, ranked third), places (“london”, seventh), or other outlying nouns (“chocolate” and “monkey”, eighth and ninth).
A separate study by password management company Specops Software, analysing over 800 million compromised passwords, also reveals that the ongoing FIFA World Cup is impacting password choices, with users opting for the names of international teams, past and present players, and other relevant but common terms.
For example, over 1.3 million instances of “USA” as a password were recorded, while “kane”, for England star Harry Kane, appeared over 133,000 times – and even simply “soccer” appeared over 140,000 times.
Looking at Specops’ data with Nordpass’ gender divide in mind, it may well be offering an insight into password choices made, chiefly, by male users.
Also covering Nordpass’ report, 9to5Google found that people have even turned to using the name of their phone manufacturer for its password.
At present, “samsung” is the 78th most popular password in the world, and “googledummy” ranks 145th. spelling trouble for the enormous number of people who swear by the best Android, Samsung and iPhones out there.
Keeping all your data secure
If you can pick your password out of a dictionary, atlas, other reference book, or read it off a keyboard, it’s a bad one, as it’ll only take a matter of seconds, minutes, or hours for a threat actor to crack, giving them unfettered access to sensitive data.
Passwords should be unique to you, if not completely randomized by a password generator and stored in a reputable manager.
Consumers should also consider the cutting edge biometric authentication standard Passkeys, currently built into Apple devices, and implemented for other platforms by Google and 1Password. At time of writing, these alternatives are in open beta and set to arrive in 2023, respectively.
While TechRadar Pro readers may be less likely to make common mistakes when securing their business’ tech stack, it raises uncomfortable questions about consumer security habits, and how that might affect the passwords that employees choose for themselves when offered the choice.
Organizations should also consider multi-factor authentication as part of a Zero Trust security strategy, eliminating passwords entirely while still ensuring security.
By Luke Hughes