The worst passwords of 2019… did we learn nothing?

2019 seems to have been no different yet, proving bad habits are dying hard and many of us are still willing to risk putting our accounts and personal information in the cyber criminals’ line of fire.

Would you like to become a cyber security champion? 

Download our Cyber Security White Paper

Passwords are important. However, many who use the internet and online world, still fail to understand just how much. American newspaper USA Today highlighted just how much a bad password can affect us when they said “Your password can ruin your life. I know that sounds dramatic, but it’s true. If someone figures out the password to your email, you’re in trouble. Social media? Even worse. Once hackers access your online bank account, they can wreck your finances, and you may feel the repercussions of that break-in for years”. While this comment has focused on how we are personally affected by poor password practises, it is important to keep this in mind for the impact it can have on a business. A successful cyber-attack can result in the loss of critical business data including personal customer information.If this happens, you risk being met not only with financial loses but also with worrying reputational consequences.

In 2019, a variety of data breaches have impacted millions of internet users; the first six months of 2019 saw more than 3,800 publicly disclosed breaches exposing an incredible 4.1 billion compromised records. With cyber-attacks nowadays being even more prevalent, we all need to step up our information security game to be able to keep our personal and business data secure.

Every year SplashData analyses more than 5 million leaked passwords and recently released their 2019 list of the most widely used passwords. “Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” said Morgan Slain, CEO of SplashData. “It’s a real head-scratcher that with all the risks known, and with so many highly publicised hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”

To no surprise, ‘123456’ took the lead for the most commonly used password (for the sixth consecutive year!), with ‘password’ losing its spot and being pushed down from 2nd place in 2018 to 4th place this year. Moving up the list was ‘123456789’ and ‘qwerty’, which have both gained 2nd and 3rd place in comparison to last year.

So, here they are, the top 10 most commonly used passwords, according to SplashData.

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 1234567
  6. 12345678
  7. 12345
  8. iloveyou
  9. 111111
  10. 123123

You can view the full list here.

Looking at the first 10 on the list, it’s obvious that you can easily guess these. Password related risks are significant. Therefore, if you remember any of the passwords on the list, we strongly recommend that you prioritise changing your passwords to stronger ones in 2020.

If you’re struggling to know where to start when it comes to creating a strong password, why not check out our complete guide for creating a password that doesn’t SUCK here.

These simple and easy to guess passwords continue to be used by people mainly because they are easy to remember. We get it, remembering lots of passwords is difficult, but that doesn’t mean it should be done. Other uses to continue to do this for other reasons such as believing they aren’t a target or because they haven’t been hacked… yet. Data is becoming increasingly valuable so anyone in the online world with an account is a target.

Password hacking software’s have evolved massively in the past few years and made it easier for cyber criminals to crack millions of password options in minutes. For example, hackers will have a programme in a brute-force attack which tries to guess every possible combination until it reaches yours. They always start first with the most widely used passwords and then move on to the more complicated sentences.

It is estimated by SplashData that almost 10% of people have used at least one password on this year’s list. Ensuring you have good password hygiene will help to keep your accounts out of the hands of cyber criminals. Some of our practical tips include:

  • Delete all accounts you no longer use
  • Update all your passwords to use passphrases of 12 characters or more with mixed types of characters
  • Use a different password for each of your accounts
  • Use a password manager to help you organise, remember, and generate secure random passwords
  • Always use two-factor authentication (2FA) to add an extra layer by being something you know, and something you have

In an era where we use passwords for nearly everything, and one where online account data is compromised by the millions, it is time to seriously think about cyber security defences. A poor password is a tragedy waiting to happen – 2020 is the year before it’s too late to act!

Please get in touch if you would like assistance with the cyber security in your business.