You are undoubtedly aware that using “123456”, “password”, or “qwerty” as a password leaves you exposed to hackers. However, you are not alone: according to a new survey, these are three of the top 10 most commonly used passwords worldwide. NordPass, a password management service, worked with independent researchers to compile millions of passwords into a dataset and estimate the top 200 most often used passwords worldwide in 2021. They looked at how popular certain options were in different regions of the world, analyzed the data, and presented the results across 50 nations. They also looked at gender-specific password patterns.
The data reveal that passwords are frequently linked to cultural references. People in various nations, for example, take inspiration from their favorite football team. “Liverpool” was the third most popular password in the UK, with 224,160 hits, while “colocolo,” the name of a Chilean football club, was the fifth most popular choice in Chile, with 15,748 users.
Religion-related passwords were popular in various nations. “Christ,” for example, was the 19th most popular password in Nigeria, with 7,169 uses. Meanwhile, 1,599 people in Saudi Arabia selected the Arabic term “bismillah,” which means “in Allah’s name.” It was the 30th most popular option. Gender differences were also evident in the report. Women are more likely to use terms and phrases like “sunshine” or “I love you,” while men are more likely to use sports-related passwords. In various nations, men use more swear words than women do.
While music-themed passwords were popular across both genders, women preferred acts like “onedirection” or “justinbieber,” while men preferred bands like “metallica” and “slipknot.”
Passwords are still the most widely used authentication method for computers and network-based products and services. However, we know that consumers continue to use weak passwords and frequently fail to manage them properly, leaving them exposed to online security risks. Weak passwords are easy to guess and can be broken with little trouble using brute-force methods (trying all letter, number, and symbol combinations to find a match). They are also easy prey for a dictionary attack, in which attackers guess a password by trying a large number of common words and their variants.
Researchers and developers are currently focusing on designing authentication systems that do not rely on passwords at all, in order to address the security weaknesses of password-based authentication. In the meantime, using two-factor authentication (2FA) or multi-factor authentication (MFA) to safeguard your accounts is a smart idea. These approaches combine a password with biometric data (such as a face scan or fingerprint) or something you have, such as a token.
By combining three random words, you can construct a password that is both strong and memorable. Machine-generated passwords are also harder to guess and less likely to appear in attackers’ password dictionaries. All of this is, of course, easier said than done. Password overload is one of the issues we confront in today’s digital world. Complex passwords, especially those created by machines, can be difficult to remember.
As a result, it is a good idea to use a trustworthy password manager. Using your web browser to remember your passwords is less secure, since attackers may be able to obtain saved credentials by exploiting browser flaws. Although not published in a peer-reviewed study, NordPass’ findings confirm what we already know from other lists: the most common passwords are weak.
If you notice one of your passwords on this list, it should serve as motivation to change it to something more secure. Ethical hackers (those who try to keep computers and networks safe from hackers) might potentially benefit from these revelations. However, we must consider the likelihood that hackers would exploit this information to target password attacks. This is even more incentive to make your passwords more secure.
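The dictionary-attack weakness and the three-random-words advice described above can be checked in a few lines. This is an added example, not code from the article or from NordPass; the function names, the five-entry password set and the eight-word list are constructed for illustration, and 7,776 is assumed as the size of a Diceware-style word list.

```python
import math
import secrets

# Constructed sample data. A real check would load a large breached-password
# list and a word list of several thousand entries.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "liverpool", "sunshine"}
WORDLIST = ["apple", "river", "candle", "orbit", "velvet", "marble", "tiger", "plane"]

# Character swaps that dictionary attacks routinely undo ("p@ssw0rd" -> "password").
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s"})


def is_dictionary_password(candidate: str) -> bool:
    """Return True if candidate is a common password or a simple variant of one."""
    lowered = candidate.lower()
    if lowered in COMMON_PASSWORDS:  # exact match, e.g. "123456" or "Qwerty"
        return True
    # Drop a trailing run of digits/symbols ("Liverpool2021!"), then undo swaps.
    stem = lowered.rstrip("0123456789!?.#*")
    return stem in COMMON_PASSWORDS or stem.translate(SWAPS) in COMMON_PASSWORDS


def three_random_words(wordlist=WORDLIST, count: int = 3, sep: str = "-") -> str:
    """Build a passphrase from words drawn with a cryptographically secure RNG."""
    return sep.join(secrets.choice(wordlist) for _ in range(count))


def passphrase_bits(wordlist_size: int, count: int = 3) -> float:
    """Entropy in bits when each word is drawn uniformly and independently."""
    return count * math.log2(wordlist_size)


if __name__ == "__main__":
    for pw in ["123456", "P@ssw0rd1", "Liverpool2021!", three_random_words()]:
        verdict = "reject" if is_dictionary_password(pw) else "accept"
        print(f"{pw!r}: {verdict}")
    # The 8-word sample list gives only 9 bits; 7,776 words give about 38.8.
    print(passphrase_bits(len(WORDLIST)), round(passphrase_bits(7776), 1))
```

The strength of a three-word passphrase comes from the size of the list the words are drawn from, which is why the small sample list here is suitable only for demonstration.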
Elochukwu Ukwandu, Lecturer in Computer Security, Department of Computer Science, Cardiff Metropolitan University, and Chaminda Hewage, Reader in Data Security, Cardiff Metropolitan University
The Conversation has given permission to reprint this article under a Creative Commons license.