Tag Archive for NordPass

Why Are We Still Using Bad Passwords

Why Are We Still Using Bad Passwords? 123456 is the worst password of 2023. Users have chosen 123456 on more than 23 million breached accounts, even though it takes less than a second to crack. NordPass, the sponsor of the paper, claims that the popularity of 123456 has made it the #1 cracked password for 3 of the last 5 years. In 2019, 12345 from “Spaceballs” overtook it, and “password” did the same in 2022.

Only 2 of 2023’s top 25 passwords will resist an attacker for more than 10 seconds. The 17th most common password, “admin123”, can withstand cracking attempts for a whole 11 seconds. The most secure password in the top 25, “Pass@123”, can fend off an attack for 5 minutes.

NordPass 25 worst passwords 2019 - 2023

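| Rank | 2019 | 2020 | 2021 | 2022 | 2023 |
|---|---|---|---|---|---|
| 01 | 12345 | 123456 | 123456 | password | 123456 |
| 02 | 123456 | 123456789 | 123456789 | 123456 | admin |
| 03 | 123456789 | picture1 | 12345 | 123456789 | 12345678 |
| 04 | test1 | password | qwerty | guest | 123456789 |
| 05 | password | 12345678 | password | qwerty | 1234 |
| 06 | 12345678 | 111111 | 12345678 | 12345678 | 12345 |
| 07 | zinch | 123123 | 111111 | 111111 | password |
| 08 | g_czechout | 12345 | 123123 | 12345 | 123 |
| 09 | adst | 1234567890 | 1234567890 | col123456 | Aa12345 |
| 10 | qwerty | senha | 1234567 | 123123 | 1234567890 |
| 11 | 1234567890 | 1234567 | qwerty123 | 1234567 | 1234567 |
| 12 | 1234567 | qwerty | 000000 | 1234 | 123123 |
| 13 | Aa123456. | abc123 | 1q2w3e | 1234567890 | 111111 |
| 14 | iloveyou | Million2 | aa12345678 | 000000 | Password |
| 15 | 1234 | 000000 | abc123 | 555555 | 12345678910 |
| 16 | abc123 | 1234 | password1 | 666666 | 000000 |
| 17 | 111111 | iloveyou | 1234 | 123321 | admin123 |
| 18 | 123123 | aaron431 | qwertyuiop | 654321 | 1111 |
| 19 | dubsmash | password1 | 123321 | 7777777 | P@ssw0rd |
| 20 | test1 | qqww1122 | password123 | 123 | root |
| 21 | princess | 123 | 1q2w3e4r5t | D1lakiss | 654321 |
| 22 | qwertyuiop | ompop | iloveyou | 777777 | qwerty |
| 23 | sunshine | 123321 | 654321 | 110jp110jp | Pass@123 |
| 24 | BvtTest123 | 654321 | 666666 | 1111 | 112233 |
| 25 | 11111 | qwertyuiop | 987654321 | 987654321 | 102030 |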
Nordpass

How can I keep my passwords safe?

Your password should have at least 12 characters

A longer password with more characters is better. It gives a hacker more combinations to try. Some sites may require a certain number of characters in your password, but generally, a password with at least 12 characters is a safe bet.

Use numbers, symbols, uppercase and lowercase letters

The more variety you have, the better. Be sure to include numbers, symbols, capital, and lowercase letters. Make everything as random as possible to keep the hackers out. For example, a password like ‘S#w%i&n(g967’ would be much more difficult to crack than ‘swing967.’

Avoid dictionary words

Avoid using any single word as a password. It’s too easy for a hacker to take one lucky guess from a common dictionary, like ‘dog’ or ‘banana.’ Even a password like ‘freeride’, which combines two dictionary words, is too simple.

Don’t use substitutions

Avoid replacing letters with common symbols; it can weaken your password. For example, you might want to use the word ‘lucky’ but write it as ‘1ucky’ instead. That is too obvious because the 1 and the letter L look too similar.
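The length, variety, dictionary-word and substitution tips above can be turned into an automated check. The sketch below is an added example, not code from NordPass or this blog; the rule names and the two small lists are assumptions, built from passwords and words that appear on this page.

```python
import re

# Constructed sample data: a few entries copied from the NordPass tables above.
COMMON = {"123456", "password", "admin", "qwerty", "admin123",
          "pass@123", "p@ssw0rd", "iloveyou", "1q2w3e", "111111"}
# Constructed mini-dictionary built from the words this post uses as examples.
WORDS = {"dog", "banana", "free", "ride", "swing", "lucky",
         "password", "admin", "superman", "batman", "matrix"}
# Look-alike substitutions to undo, e.g. '1ucky' -> 'lucky'.
LEET = str.maketrans("013457@$!", "oleastasi")
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]|_")  # lower, upper, digit, symbol


def is_wordy(text):
    """True for one dictionary word or two words glued together ('freeride')."""
    return text in WORDS or any(
        text[:i] in WORDS and text[i:] in WORDS for i in range(1, len(text)))


def audit(password):
    """Return the names of the rules from this post that the password breaks."""
    findings = []
    lowered = password.lower()
    stem = re.sub(r"[\W\d_]+$", "", lowered)  # drop trailing digits/symbols
    plain = stem.translate(LEET)              # undo look-alike substitutions
    if len(password) < 12:
        findings.append("too-short")
    if not all(re.search(c, password) for c in CLASSES):
        findings.append("low-variety")
    if lowered in COMMON or lowered.translate(LEET) in COMMON:
        findings.append("on-breach-list")
    if is_wordy(plain):
        findings.append("dictionary-word")
    if plain != stem and (is_wordy(plain) or plain in COMMON):
        findings.append("obvious-substitution")
    return findings


if __name__ == "__main__":
    for candidate in ("123456", "swing967", "freeride", "1ucky",
                      "P@ssw0rd", "Pass@123", "S#w%i&n(g967"):
        print(f"{candidate!r:16} {audit(candidate) or 'passes these checks'}")
```

An empty result only means none of these rules fired against the small constructed lists; a real check would load a full breached-password list and dictionary.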

Choose a passkey over a password

Whenever possible, opt for passkeys instead of passwords. Passkeys, which are unique codes tied to your device, offer more security and are less prone to breaches. Companies such as Amazon, Apple, Google, and Microsoft are increasingly supporting passkeys as a safer alternative.

rb-

We should approach NordPass’ findings with caution because they are not very transparent about their methodology. The presser said the passwords were “compiled in partnership with independent researchers specializing in researching cybersecurity incidents. They evaluated a 4.3TB database extracted from various publicly available sources…”

There are some suspicious trends in NordPass’s data. English words make up all of the top 25 recognizable passwords. Quite a feat for over 24 billion credentials breached since 2016. Many others are numerical strings or the result of typing nearby keys on a QWERTY keyboard. Despite these issues, the report makes for interesting geek reading.

Ralph Bach has been in IT for a while and has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me on Facebook. Email the Bach Seat here.

Bad Passwords 2022

Password manager proprietor NordPass has released its third annual list of most common passwords. The firm worked with security experts to cull the top compromised passwords for 2022 from 3TB of stolen password data found on the dark web. What they found is like déjà vu, all over again.

2022’s most commonly found password, “password”, has been in the top 5 since 2019. “Password” was found nearly 5 million times in the NordPass list from the dark web. Eight variants of “password” are included in the list.

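| Rank | Password | Count |
|---|---|---|
| 1 | password | 4,929,113 |
| 34 | pass@123 | 3,9046 |
| 56 | password1 | 25,113 |
| 139 | Password | 12,029 |
| 173 | password123 | 9,889 |
| 188 | Pass@123 | 9,359 |
| 189 | passw0rd | 9,349 |
| 192 | Password1 | 9,220 |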

The second most popular password “123456” had held the number 1 spot in 2020 and 2021.

C-level passwords

NordPass also looked at leaked C-level passwords. The big bosses are not better than their staff. C-level staff use the same top ten bad passwords.

  1. 123456
  2. password
  3. 12345
  4. 123456789
  5. qwerty
  6. 1234
  7. qwerty123
  8. 1q2w3e
  9. 111111
  10. 12345678

Other password facts

For the first time the Nordpass results were broken out by gender. Both men and women favored the same top bad passwords.

Movies on the list:

#125 “superman” was used 12,100 times.

#171 “matrix” was used 10,122 times.

#185 “batman” was used 9,407 times.

#196 “starwars” was used 9,091 times.

Hockey teams are popular for bad passwords. “Detroit Red Wings” and “Columbus Blue Jackets” were among the most popular sports-themed bad passwords.

On the music front, “U2”, “Prince” and “Metallica” were popular hacked passwords.

Small cars are popular for lazy passwords. “mini”, “kia”, and “vw” were frequently used.

2022’s worst passwords

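| Rank | Password | Change from 2021 |
|---|---|---|
| 1 | password | +4 |
| 2 | 123456 | +1 |
| 3 | 123456789 | -1 |
| 4 | guest | New |
| 5 | qwerty | -1 |
| 6 | 12345678 | 0 |
| 7 | 111111 | 0 |
| 8 | 12345 | -5 |
| 9 | col123456 | New |
| 10 | 123123 | -2 |
| 11 | 1234567 | -1 |
| 12 | 1234 | +5 |
| 13 | 1234567890 | -4 |
| 14 | 000000 | -2 |
| 15 | 555555 | New |
| 16 | 666666 | +8 |
| 17 | 123321 | +2 |
| 18 | 654321 | +5 |
| 19 | 7777777 | New |
| 20 | 123 | New |
| 21 | d1lakiss | New |
| 22 | 77777 | New |
| 23 | 110110jp | New |
| 24 | 1111 | New |
| 25 | 987654321 | 0 |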

rb-

It is worth pointing out again, and again again.

  1. Make sure none of your passwords are on this (or any other) list. If they are, log on and change them immediately.
  2. Use two-factor authentication whenever possible. Even if a hacker has your password, they won’t have that random code and therefore won’t be able to get into your account. Not sure if your favorite website supports two-factor authentication? Search the Two Factor Auth List to find out.
  3. Consider a password manager. Your brain is no longer an adequate password manager.

Passwords That Won’t Keep You Safe

I could not let 2021 wrap up without the annual look at the OMG WTF are they thinking worst passwords list. I have been covering the sorry state of passwords since 2010 and unfortunately little has changed. The biggest change has come in the increased number of mega-breaches leaking passwords all over the Intertubes.

Here is NordPass’s 2021 list. Nordpass and independent cybersecurity researchers evaluated a database with 4 terabytes’ worth of data. You can visit the NordPass website to see all 200 of the entries from 2021. But here are the top 25 most common passwords:

2021's Worst Passwords

2021's 25 worst passwords compiled by Nordpass.
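| Rank | Password | Change from 2020 |
|---|---|---|
| 1 | 123456 | - |
| 2 | 123456789 | - |
| 3 | 12345 | +5 |
| 4 | qwerty | +8 |
| 5 | password | (1) |
| 6 | 12345678 | -+1 |
| 7 | 111111 | (2) |
| 8 | 123123 | (2) |
| 9 | 1234567890 | (1) |
| 10 | 1234567 | +1 |
| 11 | qwerty123 | New |
| 12 | 000000 | +3 |
| 13 | 1q2w3e | New |
| 14 | aa12345678 | New |
| 15 | abc123 | (2) |
| 16 | password1 | +3 |
| 17 | 1234 | (1) |
| 18 | qwertyuiop | +6 |
| 19 | 123321 | +4 |
| 20 | password123 | New |
| 21 | 1q2w3e4r5t | New |
| 22 | iloveyou | (5) |
| 23 | 654321 | +1 |
| 24 | 666666 | New |
| 25 | 987654321 | New |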

Bad password factoids

  • The top 25 bad passwords can be cracked in less than 1 second by a bot (or person) according to Nordpass.
  • 94% of the most frequent passwords can be cracked in less than 10 seconds.
  • The most secure password “myspace1” ranked #54 on the list. It was used by 1,619,027 users and can be cracked in 3 hours.
  • The most popular sport on the list is “football.” It ranked #60 and was used by 1,468,381 users.
  • “Superman” protected 1,180,436 accounts. He ranked 81st but could be cracked in less than 1 second.
  • The most popular movie on the list was “starwars.” 701,474 users tried to use the Force to protect their accounts. Unfortunately the Force is not strong with this one; it could be cracked in less than 1 second.

Password risk index

The NordPass researchers also devised a risk index based on the number of passwords leaked in each country per capita. Russia came in first with an astounding 19.9 passwords leaked per capita. Other countries that leaked the most passwords are:

  • The Czech Republic 6.2,
  • France 6.0,
  • Germany 5.8,
  • U.S. 5.2,
  • Italy 4.4,
  • Canada 3.6,
  • Australia 3.3,
  • and Poland 3.6.

rb-

You can test the strength of your password by visiting this site and typing it in. They claim the site isn’t creating a repository of passwords because your information is never sent over an internet connection. The best part? As you type, the software tells you approximately how long it would take a computer to figure out your password. The site turns red if your password is weak but slowly turns green as you make it stronger. It’ll even give you tips on how to improve your password security.

Stay safe out there!

You Need a Strong Username

When securing your online accounts, your username matters. A recent report from password manager provider Nordpass points out why you should have a strong username. They explain that an easy-to-guess username gives away half of the protection for your online information.

Strong passwords are vital to securing your online information, but you shouldn’t skimp on your username. Nordpass found that most people use their actual name as their online username.

The blog states that usernames which include personal information are the worst. That is because when you use personal data to create your account, it helps cybercriminals build your profile. If you post a comment on Facebook with a username Becky1970 or ToledoTommy, that’s enough for an attacker to start a social engineering attack.

How to create a strong username

Here are some tips from Nordpass to help you create a strong username.

  • Don’t reuse your username on other accounts; this makes it easy to track you.
  • Don’t use your actual name.
  • Avoid creating a username that’s identical to your email address.
  • Don’t use personal information like your birth date, the city you’re from, or social security and ID numbers.
  • Don’t use usernames that are the same as your password or may hint at it.

If these tips are too complicated – use a username generator.

Here are the 25 most popular usernames

2020 Risky usernames

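| Rank | Name | Times used |
|---|---|---|
| 1 | ???? | 875,562 |
| 2 | David | 470,646 |
| 3 | Alex | 451,546 |
| 4 | Maria | 438,485 |
| 5 | Anna | 387,660 |
| 6 | Marco | 352,629 |
| 7 | Antonio | 325,085 |
| 8 | Daniel | 310,096 |
| 9 | Andrea | 305,442 |
| 10 | ????? | 298,963 |
| 11 | Laura | 296,627 |
| 12 | Ali | 290,285 |
| 13 | ??? | 277,859 |
| 14 | Jose | 271,960 |
| 15 | Sandra | 264,886 |
| 16 | ??????? | 249,476 |
| 17 | Sara | 247,072 |
| 18 | Carlos | 214,261 |
| 19 | Ana | 212,049 |
| 20 | Michael | 198,312 |
| 21 | Marie | 194,530 |
| 22 | Francesco | 193,526 |
| 23 | Mehmet | 191,023 |
| 24 | Marta | 186,424 |
| 25 | Sarah | 184,996 |
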
NordPass partnered up with a white-hat hacker, who compiled a report of the most popular usernames of all time. The hacker requested to stay anonymous.


Click here to see the Nordpass 200 most used usernames.

rb-

For those of us that don’t know, the most common username means ‘title’ in Thai.

Thankfully some key usernames are missing from this list: Admin, Administrator, guest, root, user.

Stay safe out there!

These Passwords are Not Protecting Your Info

It is 2020 and among all the other things going on during this dumpster-fire of a year – passwords are still a problem. According to a list of the 200 worst passwords of 2020 from NordPass, millions of people are still using “123456” and “password” as part of their login credentials. These passwords are the worst you can use; year in and year out they have been the worst since I started tracking them on the Bach Seat in 2011. “123456” has been breached more than 23 million times alone, according to NordPass. To protect your data, stop using “123456” and “password.”

Half of the top 25 passwords are new offenders for 2020. But NordPass says any of the top 25 bad passwords typically take less than a second to crack. Don’t be fooled – using some variation of the number bar, such as “000000” or “123123”, does not add extra security to your account. Similarly, any adjacent-key letter combo you are using, such as “qwertyuiop” or “asdfghjkl,” can be easily cracked in less than a second’s time, the company said.

2020's Worst Passwords

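| 2020 Rank | Password | Change from 2019 |
|---|---|---|
| 1 | 123456 | - |
| 2 | 123456789 | - |
| 3 | picture1 | New |
| 4 | password | - |
| 5 | 12345678 | +1 |
| 6 | 111111 | +3 |
| 7 | 123123 | +3 |
| 8 | 12345 | -1 |
| 9 | 1234567890 | New |
| 10 | senha | New |
| 11 | 1234567 | -6 |
| 12 | qwerty | -9 |
| 13 | abc123 | -2 |
| 14 | Million2 | New |
| 15 | 000000 | New |
| 16 | 1234 | New |
| 17 | iloveyou | -9 |
| 18 | aaron431 | New |
| 19 | password1 | New |
| 20 | qqww1122 | New |
| 21 | 123 | New |
| 22 | omgpop | New |
| 23 | 123321 | New |
| 24 | 654321 | New |
| 25 | qwertyuiop | -10 |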

Methodology: The list of passwords was compiled by Nordpass, which sells a password manager, in partnership with a third-party company specializing in data breach research. They evaluated a database that contained 275,699,516 passwords in total.

Stay safe out there!
