Those constant warnings that passwords need to be strong seem to fall on deaf ears, as the latest reports show that most people still opt for the same old, easy-to-guess password combinations we’ve all seen.
Cybersecurity researchers from CyberNews (opens in new tab) recently analyzed 56 million passwords that have been breached, leaked or leaked to the wider internet this year to determine any patterns.
As it turns out, we still like to use the “123456” string for the password, since that’s by far the most common with 111,417 instances. “Admin” is also quite popular, with nearly 17,000 entries, followed by “root” and “guest”.
Celebrity names, swear words
According to the study, people like to use different names in their credentials. Popular football team names, personal names, celebrity names, and month and day names are all commonly used.
Users were also found to use swear words, with one particular profanity popping up nearly 300,000 times.
One of the problems with weak passwords is the fact that some products come with preset passwords where the developers expect the end users to replace the factory defaults with their own passwords as soon as possible.
In many cases, this never happens, and many apps and endpoints have easy-to-guess passwords for extended periods of time.
“It is important for customers not to rely solely on developers to protect their credentials and personal data by adopting new Internet security habits, starting with strong password generation and cybersecurity awareness,” said Mantas Sasnauskas, Head of Security Research at Cybernews. “Because many services are interconnected, even one leaked password can lead to many accesses, potential damage and time-consuming recovery.”
Today, to eliminate this risk factor, most major technology companies are building solutions that focus on replacing the password, such as Apple’s passkey solution.