Weak Passwords like “Password” Top Most Commonly Used List—Again

other common passwords include 123456, iloveyou, and 1234567890

By Jonny Lupsha, Wondrium Staff Writer

A list of the 10 most commonly used passwords includes “123456” and “password,” CNN reported. Millions of people use these easily hackable passwords, and they take less than one second to crack. Good, memorable passwords are possible.

Sign in dialogue box
An 11-character password, using one uppercase letter, two numerical digits, and one special character, can extend the likelihood of your password staying secure up to 810 days. Photo By Iurii Stepanov / Shutterstock

According to CNN, we’re still making it easy on hackers to access our private data and online accounts. “It’s 2020 and it may be time to beef up your security game because, according to new research, people are still using easy-to-hack passwords like ‘123456789,’ the word ‘password’ and ‘iloveyou,'” the article said. “Of the 200 worst passwords, ‘123456’ is the most commonly used of 2020, with 2,543,285 people choosing it.

“Despite several reminders from cybersecurity experts, NordPass says that after comparing the list of the most common passwords of 2020 and 2019, there is little to no difference—aka we haven’t learned much.”

Remembering passwords for the number of online accounts we have can be a headache, especially since different websites have different requirements for passwords, like numbers, special symbols, and so on. However, better password protection can prevent a much bigger headache.

Bad Passwords

Daniel Lowrie, an IT educator at ITProTV, offered some sobering statistics on cybersecurity and computer software that cracks passwords.

“A seven-character password with one uppercase letter, two digits, and one special character—that’s an exclamation point, a hashtag, something like that—running that through an average password cracker, you’re going to crack that password in 0.24 minutes,” Lowrie said. “But the longer we make that password, the more secure it becomes. And you see that with an eight-character password with one uppercase character, two digits, [and one special character] and that jumps to 1.11 hours.”

Just by adding one extra regular alphabetical character to a password, the time required to hack it grew from about 15 seconds to about an hour and six minutes. Finally, Lowrie said that a 10-character password that includes one uppercase character, two digits, and one special character takes more than 31 days for a password cracker to solve.

However, even the 10-character option isn’t a particularly strong option.

Stronger Options

What about an 11-character password? By adding just one more alphabetical character to this standard password pattern—which includes one uppercase letter, two numerical digits, and one special character—you can extend the likelihood of your password staying secure to 810 days. That’s approximately two years, two months, and three weeks.

For the most secure passwords, Lowrie advised using phrases instead of words.

“Words can be easily forgotten, or they’re too short—that’s typically the problem; they’re just too short,” he said. “So we make a phrase—something that I can easily remember. I can remember the Preamble to the Constitution: ‘We the people of the United States,’ and so on and so forth.”

By picking a phrase that’s burned into your brain, he said, whether it’s the opening to Star Trek or the Pledge of Allegiance, your password gets longer, which makes it more difficult to crack; and it’s easy to remember. In an onscreen example, he turned the Preamble to the Constitution into the password “Wethepeopleofthe01us!” (including the exclamation point as a special character).

Acronyms also work. The password “#lmmsohtehcaw001” looks like an impossible to remember string of characters until we remember our nursery rhymes. In reality, this password is derived from the line Little Miss Muffet sat on her tuffet eating her curds and whey, with a simple hashtag before it and the three-digit number 001 on the end.

For comparison to the bad passwords, Lowrie said that the Preamble passphrase would take an average password cracker program 313 trillion years to crack, while Little Miss Muffet would protect your data for 10 million years.

Those fare far better than “password.”

Edited by Angela Shoemaker, Wondrium Daily

Daniel Lowrie contributed to this article. Mr. Lowrie worked professionally as a systems administrator and as a network administrator before switching to IT education. He is certified in CompTIA A+, Network+, Linux+, CySA+, and PenTest+; CEH; MCSA; CFR; and eJPT.