People Are Still Using the Dumbest Passwords Available

If you were thinking that most people would have learned by now not to use “password” because the password for his or her delicate programs, then you definately can be giving an excessive amount of credit score to the overall scrolling public.

Cybersecurity researchers from Cybernews and password supervisor firm NordPass each independently reported this week on knowledge surrounding essentially the most commonly-used passwords. Trying to discern the often used phrases, phrases, and numbers among the many basic public wouldn’t be easy if it weren’t for the troves of leaked passwords being offered on the darkish internet.

In a release sent to Gizmodo, Cybernews said it based its data on a list of 56 million breached or leaked passwords in 2022 found via databases darknet and clearnet hacker forums. Some of the most-used passwords were exactly what you expect, easy-to-remember junk passwords for company accounts, including “123456,” “root,” and “guest” all looking pretty in the top three.

NordPass, on the other hand, listed its top passwords by country and the supposed gender of the user. In their case, “password” sat in the number one spot for most-used password throughout the globe. Some countries had very specific passwords that were commonly used, such as “liverpool” being the number 4 most-used password in the UK despite it being 197 in the world. The number 2 most-used password for Brazil accounts is “Brasil” while in Germany, number 5 is “hallo.”

In an email to Gizmodo, NordPass said the list of passwords was built by a team of independent researchers who compiled 3TB of data from listings on the dark web, including some data that was leaked in data breaches that occurred in 2022. The company noted that some data might be from late 2021, though the passwords were listed on the dark web in the new year.

Other than that, passwords were ranked simply by how often they were used in these listings. NordPass noted that many passwords were just a single word, which is one of the easiest kinds of passwords to crack, and for somebody with a knowledge of common passwords, it might not even require brute force or other cracking tricks. Company names were even listed in some passwords, which may point to laypeople taking the name of their device, or companies themselves using lax password security practices. Cybernews’ research also noted nearly 25% of the passwords they found only used eight characters. Somewhere around 16% used just four.

Any new password a user creates should be much longer than one word—at least 12 characters—should use upper and lowercase letters, numbers, and symbols, and should avoid any of the common words or simple phrases. Cybernews noted that only a little more than half of the passwords the team scrutinized were simple unique words often associated with major brands or teams. Though most passwords are “hashed,” as in they’re scrambled by algorithms to make it unclear to anybody breaching a system what the password is, the issue is that bad actors can understand how a commonly-used password is hashed, making it that much easier to break.

Click via the slides to see a listing of a few of the most-used passwords included from each experiences, together with some really inane and weird passwords utilized by 1000’s.