Report Shows How Pathetically Weak Your Passwords Still Are

This should go without saying, but "password" is a terrible password. The same goes for "12345" and "123456," among others. And no, adding more numbers in sequential order won't make your account more secure because as it turns out, "123456789" is the second most commonly used bad password, according to a new report.

Researchers at NordVPN published an annual list of the top 200 most common passwords of last year. There are a bunch of familiar entries on the list, as you might expect, but also some new ones such as "Million2," "omgpop," and "unknown." What most of them have in common, new or otherwise, is an inherent weakness that takes hardly any time at all to crack—less than one second in many cases.

Here's a look at the top ten on the list...

[Image: Common Passwords. Source: NordVPN]

The full list of passwords was compiled with the help of a third-party company that specializes in data breach research. In total the researchers evaluated a 4-terabyte database containing nearly 276 million passwords. Taking things a step further, they classified the data into various verticals to provide a bit of deeper analysis based on countries and gender (where possible). They also discovered some interesting trends.

"A stunning number of people love using their own name as a password," the researchers noted. They also said, "Ferrari and Porsche are the most popular car brands when it comes to bad passwords," and that "dolphin ranked number one among animal-related passwords in many countries."

"Swear words are quite often used as passwords. Research shows that men use swear words as passwords more often than their female counterparts," the researchers said.

What's also interesting is that using a password that would take a relatively long time to crack does not necessarily make it secure. For example, "jobandtalent" would purportedly take three years to crack, but ranks as No. 54 among the most commonly used passwords in data breaches.
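The gap between crack-time estimates and list membership, shown as an added example that is not part of the NordVPN report or this article: a signup-time check that consults a common-password list before looking at any brute-force estimate. The guess rate, the policy threshold, and the function names are assumptions, and the list holds only the passwords quoted in this article.

```python
import math
import string

# Constructed stand-in for a breached-password list: only the passwords
# quoted in the article, stored casefolded. A real check loads a full corpus.
COMMON_PASSWORDS = {
    "password", "12345", "123456", "123456789",
    "million2", "omgpop", "unknown", "jobandtalent",
}

GUESSES_PER_SECOND = 1e9        # assumption: offline attacker's guess rate
MIN_BRUTE_FORCE_YEARS = 100.0   # assumption: hypothetical policy threshold
SECONDS_PER_YEAR = 365.25 * 24 * 3600
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password: str) -> int:
    """Size of the alphabet an exhaustive search would have to cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four ASCII classes count once each.
    return size + len({c for c in password if not any(c in cls for cls in CLASSES)})


def brute_force_years(password: str) -> float:
    """Worst-case years to try every string of this length and alphabet."""
    size = charset_size(password)
    if size == 0:
        return 0.0
    log10_years = (len(password) * math.log10(size)
                   - math.log10(GUESSES_PER_SECOND * SECONDS_PER_YEAR))
    return 10 ** min(log10_years, 300.0)  # cap avoids float overflow


def check_password(password: str) -> tuple[bool, str]:
    """Return (accepted, reason); the list check runs before any estimate."""
    if password.casefold() in COMMON_PASSWORDS:
        return False, "on common-password list"
    if brute_force_years(password) < MIN_BRUTE_FORCE_YEARS:
        return False, "brute-force estimate below policy threshold"
    return True, "ok"


if __name__ == "__main__":
    for pw in ("123456789", "jobandtalent", "Million2", "k7#Vq9!xTz2m$Lp4"):
        accepted, reason = check_password(pw)
        print(f"{pw!r}: ~{brute_force_years(pw):.3g} years, accepted={accepted} ({reason})")
```

Under the assumed guess rate, "jobandtalent" gets an exhaustive-search estimate of years, yet it is rejected on the first check because it appears on the list.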

Granted, these kinds of reports are often self-serving—in this case, NordVPN is promoting its NordPass password management software. There's a free version available, as well as a few paid subscription tiers that come with extra features. Even so, the data is useful and relevant for the most part, and a reminder that using a weak password is not a good idea.

One thing the report doesn't touch on is how many of these breaches are from throwaway accounts. If just trying to gain access to an article or service that requires a free account, a user might input a common password and perhaps even a temporary email address. That said, you just know there are people out there that are using some of these passwords on non-throwaway accounts.

If you need help coming up with a strong password, you can use a password generator like the one NordVPN offers on its website. And really, you should be using different and effective passwords for each account, especially banking ones and others that are particularly sensitive. And when possible, enable two-factor authentication for added security.

Perhaps one day we won't have to deal with traditional password input. There are efforts to go in that direction already. Just a couple months ago, Microsoft began allowing the public at large to configure a passwordless Microsoft account in favor of using its authentication app.