If your name is Aaron and you plan to use your name as a password for a social network, know that this year 90,256 users have thought and done the same, and that cybercriminals would take only three hours to crack your password and access your profile.
If you prefer a number combination from 1 to 6 instead, you will fall into the trap again; these are usually cracked in a second and are used by more than two million users on the Internet. Both are weak passwords and easy to crack. Using them is almost the same as not having a password. However, they are among the most popular in the world. Why?
Most Internet users prioritize convenience over security and voluntarily expose their accounts and data to easy theft. How? By using passwords such as 123456 or password to protect bank accounts, social networks or their profiles on online shopping sites, for example.
NordPass, a cybersecurity company, has produced a list of the 200 worst passwords of 2020 after examining a total of 275.7 million passwords. Of the 200, 122 are the same as those of 2019 and 2018 and 78 are new additions, products of the pandemic year.
Now, in a world that telecommutes and increasingly depends on the Internet, protecting accounts from cybercriminals is not just an advantage but an obligation.
The table shows the 50 most popular and worst options for a password, according to cybersecurity experts. But why are these combinations a bad idea for a password? The NordPass team and antivirus developers Eset Cibersecurity explain that the problem lies in how predictable the combinations are and how often they are used.
For example, seven of the ten worst passwords on NordPass’s list are made up of various number combinations, with 123456, 123456789, and 12345678 ranking first, second, and fifth, respectively. Third place is taken by picture1, a new addition to the list, followed by password.
These first five passwords are used by more than 4.5 million users, and all together they have been exposed more than 38 million times in different data breaches.
In other words, anyone who set out to do so could get into the bank or Instagram account of these users in seconds, according to the writer and cybersecurity technician Amer Owaida, on WeLiveSecurity, Eset’s cybersecurity blog.
Of the 78 new additions to the 2020 password list, the most popular are senha (Portuguese for password), Million2 or aaron431. Part of the last password is also the most popular name used as a password. The most popular feminine name for passwords is ashley.
Secure but easy-to-remember passwords: a utopia?
How do you move to a strong password without forgetting it? Cybersecurity experts recommend that all passwords move from the general to the personal, from simplicity to complexity, and mix numeric and special characters with letters.
Passwords with more than 10 characters, upper and lower case and numbers, are the strongest. A password that includes all of the above could take years to crack, not seconds, according to Eset. If phrases are used instead of words, the terrain becomes even more difficult for attackers.
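The composition advice above and the common-password problem described earlier can be enforced together when a user picks a password. The following is an added example, not code from NordPass or Eset; the blocklist is constructed from only the passwords this article names, and `check_password` and `is_digit_run` are hypothetical names.

```python
import re

# Constructed blocklist: only the passwords the article names. A real deployment
# would load a full breached-password list instead (assumption).
BLOCKLIST = {"123456", "123456789", "12345678", "picture1", "password",
             "senha", "million2", "aaron431", "ashley"}
# Base words derived from the list above by dropping trailing digits.
BASE_WORDS = {re.sub(r"\d+$", "", p) for p in BLOCKLIST} - {""}

def is_digit_run(s):
    """True if s is only digits that ascend or descend by one, e.g. 123456."""
    if not s.isdigit() or len(s) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})

def check_password(candidate):
    """Return a list of reasons the candidate is weak; empty means it passed."""
    reasons = []
    lowered = candidate.lower()
    # Predictability checks: exact match, digit sequence, or word plus digits.
    if lowered in BLOCKLIST:
        reasons.append("on common-password list")
    elif is_digit_run(candidate):
        reasons.append("sequential digits")
    elif re.sub(r"\d+$", "", lowered) in BASE_WORDS:
        reasons.append("common word or name plus digits")
    # Composition checks from the article: more than 10 characters,
    # upper and lower case, and numbers.
    if len(candidate) <= 10:
        reasons.append("10 characters or fewer")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        reasons.append("needs upper and lower case")
    if not re.search(r"\d", candidate):
        reasons.append("needs a number")
    return reasons
```

A candidate such as `Password123456789` satisfies every composition rule and is still rejected, which is why the predictability checks run alongside the length and character-class checks.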
“Consider using a unique passphrase for each of your online accounts. If you do this right, it will be much more difficult or even impossible to crack and while you do, avoid falling into password reuse,” suggests Owaida.
However, having ten different passwords for ten different accounts can be confusing for the user. That’s why NordPass recommends using a password manager.
This is an application designed to store access credentials in an encrypted vault that has the functionality of generating complex passwords for each of the user’s online accounts. Complex passwords are generated by the system and the user only has to remember a single master password in order to access them.
Eset also recommends enabling two-factor authentication on all services that offer the option. This process is an extra security measure that requires a code obtained from an application, or an SMS message, as well as a password to access the service.
It is very popular in banking applications, but can also be enabled for use on many websites and social media applications, such as Twitter, Gmail, and Dropbox.