3aIT Blog

 

Yep, it's that time again - researchers at Nordpass have analysed millions of password lists gathered from the past year to find out which are the most common (and therefore the worst). For those that have seen one of these lists before, it will be a depressingly familiar sight.

Despite countless warnings over the years, people are still gravitating towards exactly the same passwords as they have for years, even though using a password like this is basically the same as having no password at all. Of the millions of passwords gathered and analysed by these researchers, only 44% were considered unique.

For reference, the researchers found these were the top 10 passwords:

1: 123456
2: 123456789
3: picture1
4: password
5: 12345678
6: 111111
7: 123123
8: 12345
9: 1234567890
10: senha
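
A signup-time check built on the list above, as an added example that is not part of the original post: it refuses the ten listed passwords and close variants of them (digit runs, repeated blocks, a listed word with a suffix). The 8-character minimum and all function names are assumptions of this example.

```python
import re

# The ten passwords listed above, taken from the page.
TOP_10 = {
    "123456", "123456789", "picture1", "password", "12345678",
    "111111", "123123", "12345", "1234567890", "senha",
}
# Word entries with trailing digits removed: picture, password, senha.
WORD_STEMS = {re.sub(r"\d+$", "", w) for w in TOP_10 if not w.isdigit()}

MIN_LENGTH = 8  # assumed policy minimum, not a figure from the page


def is_digit_run(pw):
    """True for ascending or descending digit walks (23456789, 98765432)."""
    if not pw.isdigit() or len(pw) < 4:
        return False
    # Step between neighbours modulo 10, so ...890 still counts as ascending.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {9})


def is_repeated_block(pw):
    """True when the whole password is one short block repeated (12341234)."""
    return re.fullmatch(r"(.{1,4})\1+", pw) is not None


def weakness(pw):
    """Return the reason a password should be refused, or None to accept it."""
    lowered = pw.lower()
    if lowered in TOP_10:
        return "on the most-common list"
    if len(pw) < MIN_LENGTH:
        return "shorter than %d characters" % MIN_LENGTH
    if is_digit_run(pw):
        return "consecutive digits"
    if is_repeated_block(lowered):
        return "one block repeated"
    # A listed word with digits or punctuation tacked on (Senha2020!).
    core = re.sub(r"[\d\W_]+$", "", lowered)
    if core != lowered and core in WORD_STEMS:
        return "listed word with a suffix"
    return None
```

A real deployment would load a much larger list of common and breached passwords; the ten entries here only mirror the list in this post.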

We in the IT community have continually tried to explain to people the importance of secure passwords. As we move increasing amounts of our data online, we are all at huge risk of identity theft if we use insecure passwords. Although a specific online account may seem inconsequential, it might offer clues for other websites you might use that an attacker could also try logging into, or hints about secret phrases that might allow access via a "Forgotten Password" link. Additionally, so few people use unique passwords on each website that knowing one login means that all services you use are compromised.

Even if you have a secure password, you may still be at risk. If you tend to use the same password on multiple websites and one of those gets breached, this puts all of your other logins at risk. There is a website that you can use to see if your email address is included on the list of previous breaches. If this site indicates your address was included in a breach, it's time to change your passwords!

https://haveibeenpwned.com/

However, even the most secure passwords can be compromised via other means. There are all sorts of methods attackers use to try to get at your passwords, including setting up fake websites for things like Microsoft 365 and bank logins, or managing to get various malware installed on a device that can log keypresses. The age of the single secure password is largely over. As luck would have it, our other blog this month covers the solution to this problem!