Never-to-use passwords - Business Works
BW brief

Never-to-use passwords

by Daniel Markuson, Digital Privacy Expert, NordVPN

Despite the constant reminders from cybersecurity experts, people still use easy-to-remember passwords, says Daniel Markuson, Digital Privacy Expert at NordVPN.

Our company, NordPass, compiled a list of passwords in partnership with a third-party company specializing in data breach research, evaluating a database that contained 275,699,516 passwords. Only 122,894,788 were unique - that's only 44% of the total.

The most popular passwords of 2020 were easy-to-guess number combinations, such as '123456', the word 'password', 'qwerty', 'iloveyou' (all of which would take a hacker less than one second to crack) and other uncomplicated passwords.

Here are the Top 20 passwords you should never use:

  1. 123456
  2. 123456789
  3. picture1
  4. password
  5. 123456798
  6. 111111
  7. 123123
  8. 12345
  9. 1234567890
  10. senha (password in Portuguese)
  11. 1234567
  12. qwerty
  13. abc123
  14. Million2
  15. 0000000
  16. 1234
  17. iloveyou
  18. aaron431
  19. password1
  20. qqww1122

Despite the constant reminders from cybersecurity experts, after comparing the list of the most common passwords of 2020 with the list from 2019, it was pretty clear that people still use simple passwords. For example, the password that was first on the list in 2020 was second in 2019. And the second password from 2020 was third in 2019.

Fewer than half of the passwords (78, to be exact) were new on the 2020 'most popular' list.

Overall, people still use easy-to-remember passwords, including their own names, favorite sports, foods, etc.

What to do if your password is on the 'most popular' list

Most of these passwords can be hacked in less than a second. Also, they have already been exposed in previous data breaches. For example, the most popular password '123456' has been breached 23,597,311 times. If your password is on the list, change it immediately!


There are many risks in not using a unique password or in using one that's easy to hack. For example, your weak passwords can be used for credential stuffing attacks, where the breached logins are used to gain unauthorized access to users' accounts. If you fall victim to a credential stuffing attack, you might lose your Facebook or another important account with all its content. Also, your e-mail address could be used for phishing attacks or for scamming your family and friends, who may very well fall for it, as the e-mail will supposedly be coming from you. Weak passwords can also be brute forced (where the attacker has a mechanism to sequentially try all password combinations until the correct one is found).
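As an added illustration (not code from NordPass or the article), the sketch below screens a proposed password the way a sign-up form could: it rejects anything on the Top 20 list above first, then estimates the worst-case size of the sequential search described in the previous paragraph. The guessing rate and the one-year threshold are assumptions chosen for the example; the list check comes first because a listed password such as 'aaron431' is tried from a wordlist long before an exhaustive search would reach it.

```python
import string

# Top 20 list as printed in the article above.
TOP_20 = ["123456", "123456789", "picture1", "password", "123456798", "111111",
          "123123", "12345", "1234567890", "senha", "1234567", "qwerty",
          "abc123", "Million2", "0000000", "1234", "iloveyou", "aaron431",
          "password1", "qqww1122"]
DENYLIST = {p.lower() for p in TOP_20}

GUESSES_PER_SECOND = 10_000_000_000   # assumption, not a figure from the article
MIN_SECONDS = 365 * 24 * 3600         # assumption: must outlast a year of guessing

CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def alphabet_size(password):
    """Size of the smallest union of character classes that covers the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes are counted one by one.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)


def brute_force_guesses(password):
    """Worst-case candidates when every string up to this length is tried in turn."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def screen(password):
    """Return (accepted, reason) for a proposed new password."""
    if password.lower() in DENYLIST:
        return False, "on the most-popular list"
    seconds = brute_force_guesses(password) / GUESSES_PER_SECOND
    if seconds < MIN_SECONDS:
        return False, f"exhaustible in about {seconds:.3g} s at the assumed rate"
    return True, "ok"


if __name__ == "__main__":
    # "zx81qq" and the last entry are constructed samples, not from the article.
    for pw in ["123456", "aaron431", "PASSWORD", "zx81qq", "T7#vq9!Lm2@xR4pz"]:
        print(f"{pw!r:22} guesses<={brute_force_guesses(pw):.3g}  {screen(pw)}")
```

Note that 'aaron431' needs roughly 2.9 trillion guesses by exhaustive search, which is minutes at the assumed rate rather than under a second; it is unsafe because it is a known, listed password.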


Here are the 5 most important tips on how to maintain good password hygiene:

  1. Go over all the accounts you have and delete the ones you no longer use.

  2. Update all your passwords and use unique, complicated ones to safeguard your accounts. Employ a password generator to make sure they are impossible to guess. To see if any of your current passwords have ever been exposed online, you can also check them using an online strength checker.

  3. Use two-factor authentication (2FA) if possible. Whether it's an app, biometric data, or a hardware security key, your accounts will be much safer when you add that extra layer of protection.

  4. Set up a password manager. It's a great tool for both generating and storing passwords. Advanced password managers also have useful features such as Data Breach Scanner, which helps you find out whether any of your accounts have been compromised.

  5. Make sure to check every account regularly for suspicious activity. If you notice something unusual, change your password immediately.


For more information, please visit Sentai at: nordpass.com
The full list of the top 200 most common passwords of 2020 is available here



