A series of recent studies has again shown that many of us are still absolutely terrible when it comes to crafting a strong password.
This includes a new report from password manager Nordpass, which examined a database totaling more than 3 TB of compromised passwords and spanning users from 30 countries to find the top 200 passwords, ranking entries by the number of instances found and how easy they were to crack, in addition to popularity by country and, where possible, gender.
Perhaps unsurprisingly, Nordpass found that “password” remains the top choice, with “12345” ranking second globally.
Weak password trends
The rest of the list is largely made up of other variants of letters and numbers that are not so randomly stuck together, with “qwertyuiop” (the top row of most English-language keyboards) ranking 36th worldwide.
Direct comparisons of the Nordpass data show that one gender is not more safety-conscious than the other; they just make bad choices differently.
For example, in a comparison of the top ten passwords in the UK, men largely chose the names of football teams (“liverpool”, “arsenal” and “chelsea” ranked fifth, sixth and eighth respectively), while women chose names (“charlie”, third place), places (“london”, seventh) or other unrelated nouns (“chocolate” and “monkey”, eighth and ninth).
A separate study by password management company Specops Software, which analyzes more than 800 million compromised passwords, also reveals that the ongoing FIFA World Cup influences password choices, with users opting for the names of international teams, past and current players, and other relevant but common terms.
For example, “USA” was registered as a password more than 1.3 million times, while “kane”, for English star Harry Kane, appeared more than 133,000 times – and even simply “soccer” appeared more than 140,000 times.
Read with Nordpass’ gender comparison in mind, Specops’ data might provide insight into password choices made primarily by male users.
Also with regard to the Nordpass report, 9to5Google found that people even used their phone manufacturer’s name as a password.
At the moment, “samsung” is the 78th most popular password in the world and “googledummy” is 145th. That spells trouble for the huge number of people who swear by the best Android phones, Samsung phones and iPhones out there.
Keeping all your data safe
If you can get your password from a dictionary, atlas, or other reference book, or read it from a keyboard, it’s a bad password, as it only takes a matter of seconds, minutes, or hours for a threat actor to crack, giving them unfettered access to sensitive data.
Passwords must be unique to you, if not completely randomized by a password generator and stored in a reputable password manager.
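The rule of thumb above (nothing from a reference list, nothing read off a keyboard, ideally generator output) can be enforced when a password is set. The following is an added example, not code from Nordpass, Specops or this article; the blocklist is a constructed sample of the entries quoted above, and the 12-character minimum and substitution table are assumptions.

```python
import secrets
import string

# Constructed sample blocklist: entries quoted in the article. A real
# deployment would load a full breached-password corpus instead.
BLOCKLIST = {"password", "12345", "qwertyuiop", "liverpool", "arsenal",
             "chelsea", "charlie", "london", "chocolate", "monkey", "usa",
             "kane", "soccer", "samsung", "googledummy"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
# Assumed table of common character substitutions ("p@ssw0rd" -> "password").
LEET = str.maketrans("013457@$!", "oleastasi")
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def is_keyboard_walk(text, min_run=4):
    """True if the whole text runs along one keyboard row, in either direction."""
    if len(text) < min_run:
        return False
    return any(text in row or text in row[::-1] for row in KEYBOARD_ROWS)


def screen_password(candidate):
    """Return the reasons to reject a candidate; an empty list means accepted."""
    reasons = []
    lowered = candidate.lower()
    # Strip trailing digits/symbols so "Arsenal2022!" still matches "arsenal".
    core = lowered.rstrip(string.digits + string.punctuation)
    variants = {lowered, core, lowered.translate(LEET), core.translate(LEET)}
    if variants & BLOCKLIST:
        reasons.append("matches a known common password")
    if is_keyboard_walk(lowered) or is_keyboard_walk(core):
        reasons.append("keyboard row sequence")
    if len(set(lowered)) <= 2:
        reasons.append("too few distinct characters")
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


def generate_password(length=20):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    alphabet = string.ascii_letters + string.digits + "-_.!"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not screen_password(candidate):  # retry on the rare rejected draw
            return candidate
```
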
Consumers should also consider the very latest biometric authentication standard, passkeys, currently built into Apple devices and being implemented for other platforms by Google and 1Password. At the time of writing, these alternatives are in open beta and will release in 2023 respectively.
While Bingo Tingo Pro readers may be less likely to make common mistakes when securing their company’s tech stack, the findings raise uncomfortable questions about consumer security habits and how they can affect the passwords employees choose for themselves when given the choice.
Organizations also need to think about multifactor authentication as part of a zero trust security strategy, completely eliminating passwords while still ensuring security.