Most Common Passwords: Why They Aren't Safe
How many passwords do you have? The quicker your answer, the worse things likely are. In a perfect world, every account you use should have its own, unique password. But many people recycle passwords or use shockingly easy ones because it's more convenient.
Below, we'll introduce you to the most commonly used passwords, explain why they should be avoided at all costs, and advise you on how to better secure and protect yourself and your accounts.
The World's Most Common Passwords
NordPass, in collaboration with independent cybersecurity researchers, released a list of the Top 200 most common passwords in 2021. Their Top 10 is just as shocking as that of the NCSC:
World's Most Common Passwords in 2021 | |
---|---|
1 | 123456 |
2 | 123456789 |
3 | 12345 |
4 | qwerty |
5 | password |
6 | 12345678 |
7 | 111111 |
8 | 123123 |
9 | 1234567890 |
10 | 1234567 |
The classic "123456" remains the undisputed king of bad passwords.
Why Popular Passwords Aren't Safe
Popular passwords like "123456", "password", or "qwerty" are appealing because they're easy to remember. Also, if you ever forget one of them, you can just look down at your keyboard. Since accounts are required for just about everything online these days, few people have the time to create (and save) a strong, unique password for each.
Convenience cuts both ways though: The easier a password is for you to remember, the easier it is for a cyber criminal to crack it, for example, in a brute force attack. And, supposing that you use the same password for all of your accounts, a hacker just needs to guess right once to gain access to them.
How to Protect Yourself
To put things into perspective: The most common passwords can be easily cracked in less than a second. Don't use them for anything. Instead, take the following steps to defend your accounts against unauthorized visitors.
Safe, Complex Passwords
A powerful password is an account's first line of defense. To make one, keep the following in mind:
The longer, the better
According to the National Institute of Standards and Technology, a secure password should be at least 8 characters. The longer your password is, the more difficult it will be to crack.Use different characters
The most common passwords are made up of numbers, letters, or a combination of the two. Formidable passwords go beyond this, including upper-case letters, as well as special characters like ?, !, {, or _.Avoid easy-to-remember phrases
While you might be tempted to type out a phrase or string of words with a particular meaning, don't! Birthdays or names of family members are easy to crack.Make it unique
Even the safest password shouldn't be used more than once. If it's ever leaked, it's compromised forever. Data leaks, which you can do nothing to prevent, offer criminals golden opportunities to expand their illicit activities and overwhelm even the most imposing cyber defenses.
You can use EXPERTE.com's password checker to see how safe your passwords are. If the results aren't encouraging, head over to our password generator to create strong passwords.
Should you want to take your password security to the next level and create a unique, complex password for each account you have, there are few better tools than a password manager. These automatically create secure, unique passwords and auto-complete login forms, but more on them below.
Two-Factor Authentication
A cracked password isn't the end of the world, so long as you've enabled two-factor authentication. Even with the right password, anyone who logs in from a new or unrecognized device will need to supply a second form of authentication, such as a code delivered via text message.
Whenever offered, we recommend using two-factor authentication, especially for logins from unrecognized devices.
Regular Leak Cheaks
Every now and then businesses fall prey to hackers or lose data in other ways. This can include secure passwords, instantly compromising them at absolutely no fault of your own.
To find out whether your email address has been inadvertently released in the past, use HaveIBeenPwned's email leak checker. If you've "pwned", immediately change the password for that account to something not used anywhere else.
Best Password Managers From EXPERTE.com's Assessment
Password managers offer the easiest way to protect your digital accounts with unique and powerful passwords. But that's only one of their benefits: You can use them to auto-complete login or other forms with a single mouseclick, store sensitive documents in their vaults, and create secure notes.
You won't ever need to worry about how safe your passwords are again if using a password manager.
You'll only have to remember a single, master password. With this, you can access your password manager's vault, where all of your other passwords and sensitive documents are stored.
Many different password managing solutions exist, so, to help in making up your mind, we looked at 12 of the best password managers in our comprehensive EXPERTE.com comparison. Here are our favorites
Dashlane
Dashlane emerged at the top of our EXPERTE.com comparison by doing everything just a bit better than its competitors. The web app's user interface is particularly intuitive and comes loaded with plenty of features. We especially liked the automatic password changer, which makes it possible to swap out weak passwords for most services with a few clicks.
Beyond that, the password manager is highly reliable when automatically filling out online forms, whether in a browser or on a mobile device. And the cherry on top? Dashlane is priced competitively.
1Password
1Password finished just behind Dashlane in 2nd place. Developed by AgileBits, this password manager got our nod of approval in terms of security, offering several features that its competitors lack. These include travel mode and a locally-generated 128-bit 'Secret Key', which you'll need to log in from a new device.
Another positive was the variety of data set templates on offer. You can store a copy of your passport, driving license, or even hunting permits. In terms of the essentials, 1Password also covers everything.
Keeper
Whether on your desktop or smartphone, Keeper offers a highly user-friendly experience. Particularly impressive was the free hand it grants in creating data sets, adding user-defined fields, or password-protecting specific entries with one-time passwords.
We didn't encounter any autofill issues when using Keeper, and the browser extension's options are fairly comprehensive. In light of all of the above, Keeper is one of the best password managers out there.
NordPass
Apart from that, NordPass has an elegant user interface, reliable autofill, and good data import features.
Bitwarden
Bitwarden also makes friends quickly with its free version that doesn't limit data sets or device syncs. In comparison to most password managers, its premium version is a real bargain as well.
Wherever you use the service, whether your desktop, smartphone, browser, or web interface, Bitwarden is highly intuitive. Our only complaint was that even with a premium subscription, you'll have to pay extra for most features, like password sharing.
All the same, Bitwarden is a great password manager.
Conclusion
Despite all of the cyberattacks, hacking, and identity theft plaguing the world, people still use weak and common passwords to protect sensitive and valuable information. A secure password should be at least eight characters long and include numbers, upper- and lower-case letters, and special characters. Only use a password once and for a single account.
Of course, remembering dozens, let alone hundreds of intricate and different passwords would be a challenge for anyone, making password managers an option worth seriously considering. These web-based programs automatically create secure passwords and store them in a nearly impregnable digital database. All you'll have to do is remember a single master password, which grants you access to your vault.
Apart from secure passwords, you should also enable two-factor authentication whenever a service you've registered with offers it. We also recommend regularly checking whether your email address has been compromised in any data leaks. Whenever unsure, you can see whether any password you're using has been released with our EXPERTE.com password checker.