Passwords play a crucial role in safeguarding our most private information. However, more often than not, they lack in creativity, making them susceptible to easy circumvention.
NordPass, a company dedicated to assisting users in creating and securing passwords, has released its annual compilation of common passwords, which can be cracked within seconds, revealing a noticeable lack of creativity in many instances.
NordPass collaborated with independent researchers to examine 4.3 terabytes of data sourced from publicly available channels. The study not only reviews the top 200 global passwords but also provides comparisons across 35 countries, revealing that frequently, the most common passwords consist of numerical sequences.
What are the most common password trends globally?
According to the report, 17 out of the top 20 most common passwords globally can be cracked in less than a second. Therefore, it's essential to reconsider using easily guessable options like "123456" or the uninspired "password" when securing your online accounts, as these popular choices represent some of the least secure combinations.
The study also highlighted the most frequently used passwords categorised by types. For e-commerce sites, email accounts, electronic devices, and streaming services, the top password remains "123456," while "UNKNOWN" secured the top spot for social media platforms, financial accounts, and smartphones.
Out of the top 20 passwords in China, 11 of them were just numbers. The report read, “Internet users in China often use numbers in their passwords. While ’123456′ is the most used password in the country, other numerical sequences, such as ‘111111,’ ‘000000,’ and ‘12345678’ are also widely popular.”
Apart from numbers, users worldwide also choose names as popular passwords. In Austria, "Isabella" ranks as the second most used password this year, while in Greece, "Katerina" holds the 11th position.
In Mexico, a combination of a name and number like "Flores123" secures the fifth spot, and in Malaysia, "Kento123!" takes the 17th position.
In the U.K., residents' affinity for football is evident in their password choices, with names of English Premier League football clubs such as "liverpool," "arsenal," and "chelsea" claiming the 4th, 6th, and 10th spots, respectively.
What are the most common passwords in India?
Unsurprisingly, the most basic combinations like "123456", "admin" and "password" take less than a second to crack, posing an imminent threat to user data security. Some other common ones which can be cracked within minutes include: "Welcome@123", "Abcd@123", "admin123", "administrator" and "password@123".
However, not all passwords succumb so quickly. The report reveals that a seemingly stronger password like "Pass@123" holds up for a mere 5 minutes against hacking attempts. Meanwhile, more complex combinations such as "Admin@123" can withstand attacks for up to a year, emphasising the importance of robust password creation.
Interestingly, some users opt for patriotism in their passwords, as seen with "India@123," which takes approximately 3 hours to crack.
The report underscores the need for heightened awareness regarding password strength, at a time where India is reporting over 1,500 cases of cybercrime everyday. It recommends creating intricate combinations that include a mix of uppercase and lowercase letters, numbers, and symbols.
Passkeys: A modern solution to passwords?
Highlighting the increasing trend of cybercrimes, the NordPass study showed that 86% of cyberattacks use stolen credentials, while online accounts, emails and passwords make up almost 20% of the most commonly sold items on the dark web.
Passkeys are a fast, secure, and passwordless approach to logins that utilises the pin, face, or fingerprint authentication built into our devices. The report touts passkeys as a "safer and more convenient alternative to passwords". In contrast to passwords, they are resilient to online threats such as phishing, rendering them a more secure option than methods like SMS one-time codes.
However, can biometrics can ever be safe? Of late, a broadening range of applications and companies are incorporating passkeys into their authentication systems. Notable entities like Google, Amazon, YouTube, Uber, and eBay provide users with the option to use passkeys for their login credentials.
The concerns around biometric data collection are long withstanding. Biometric data, being irreplaceable, requires organisations collecting it for privacy reasons to exercise increased security. Unlike passwords or PINs, compromised biometrics cannot be changed easily, and storing them digitally, especially in regions with extensive surveillance, poses a risk of creating a lasting digital footprint vulnerable to exploitation.
