WATERTOWN — Year after year, people continue to use easily hackable passwords for their accounts either because they don’t want to create longer, more complex passwords they may not so easily remember, or because they think they have nothing to hide, so they don’t take cybersecurity seriously.
As we move into 2020, cybersecurity is actually more important than many realize, with over 500 million passwords having been leaked in data breaches just this past year, according to NordPass.
In response to this data, NordPass, a new generation password manager created by NordVPN, one of the biggest digital privacy and security providers in the world, has compiled a list of the 200 most commonly used passwords of 2019 with the help of independent researchers.
“2019 has seen the most data breaches in history, and those cyber incidents have affected billions of internet users,” said Chad Hammond, security expert at NordPass, in a release. “People struggle creating passwords, and this is one of the main reasons why users stick to the primitive ones. However, passwords should help protect us instead of putting our privacy in danger.”
With unoriginal offerings like “12345,” the most common password of 2019 used by 2,812,220 people, or the romantic, yet predictable “iloveyou,” used by 171,657 people, account users keep the same letter and number combinations for all accounts despite warnings and reminders from cybersecurity experts.
Among the most popular passwords of 2019 were 111111 and 123321, or just strings of letters forming horizontal or vertical lines on a QWERTY keyboard, like asdfghjkl or qazwsx. Arguably the most obvious password of all— “password” — remained popular this past year, with 830,846 people still using it.
Also included in the top 20 passwords to never use, according to NordPass, were “test 1,” “zinch,” “dubsmash,” “abc123” and “123123,” among others. Some passwords, like “zinch” or “test1,” are made by bots when accounts are created automatically, or for testing purposes.
“Most people prefer to use weak passwords rather than trying to remember long, complex ones,” Mr. Hammond said in an email. “It also usually means they use the same one for all their accounts. And if one of them ends up in a breach, all other accounts get compromised too.”
According to Mr. Hammond, hackers can easily break into massive amounts of accounts by trying the most commonly used passwords. With fast computers and even speedier internet networks, hackers can guess thousands of passwords per minute by using brute force attacks.
To keep accounts secure, NordPass came up with five tips to maintain good password hygiene:
1. Go over all the accounts you have and delete the ones you no longer use. If a small, obscure website ends up breached, you might never even hear about it.
2. Update all your passwords and use unique, complicated ones to safeguard your accounts. Employ a password generator to make sure they are impossible to guess.
3. Use 2FA if you can. Whether it’s an app, biometric data, or hardware security key, your accounts will be much safer when you add that extra layer of protection.
4. Set up a password manager, a tool for both generating and storing passwords, so you will only need to remember one master password and forget about the rest.
5. Make sure to check your every account for suspicious activities regularly. If you notice something unusual, change your password immediately.
In the U.S., people are more afraid of becoming part of a data breach than they are about the possibility of being murdered, according to Mr. Hammond, and yet, 50 percent of users still reuse the same passwords without changing them despite the possibility of experiencing a breach being one out of four.
The key, according to Mr. Hammond, is the strength of your passwords and the way you keep them. If you have a secure password, yet you keep it in a notepad or on a sticky note, it is not safe anymore.
“Users should always be aware and never completely rely on their online account providers,” Mr. Hammond said. “There is no such service who would want to get breached, yet human errors happen, and hacking technology is always evolving.”