In 1987, comedian Mel Brooks made fun of the password 12345 (and those who use it) in one of his movies—but here’s the not-so-funny punchline: that same bad password is the third most-common one in use THIS YEAR.
Yes, despite countless data breaches, tons of people are still using terrible, easily guessable, non-unique passwords.
We know this because NordPass, a password manager provider, recently crunched 4 terabytes worth of data from independent data researchers to see what passwords are used most frequently.
Are you guilty of using one? Check out the top 20 most common passwords:
- 123456
- 123456789
- 12345
- qwerty
- password
- 12345678
- 111111
- 123123
- 1234567890
- 1234567
- qwerty123
- 000000
- 1q2w3e
- aa12345678
- abc123
- password1
- 1234
- qwertyuiop
- 123321
- password123
NordPass says any of these passwords take less than a second to crack. Read that again: LESS THAN ONE SECOND.
That’s because, in the case of 123456, for example, it was used over 100 million times last year.
This means these “passwords” are pretty much useless. If you use any of them, you’ve basically handed out your password out to a few million strangers on the internet.
You might be thinking:
“But I only use bad passwords on unimportant online accounts.”
Let us ask you: Do you enjoy getting lots of spam email? Do you like getting phishing calls and texts? If the answer is ‘no’ to either of these questions, stop using bad passwords.
Even if only your email address or phone number are part of a data breach, scammers discover this information is current and active. This means you’ll likely have to wade through a barrage of new spam in your inbox (until your filter catches up)—much of which may be phishing emails. Sooner or later you may accidentally fall for one or click on a phishing email link that downloads malware onto your computer.
And this is assuming there is zero payment information tied to whatever account had the bad password. If there is, you’ve basically handed your credit card number to millions. Stop making it easy on hackers and scammers!
How to quickly make strong passwords
The Electronic Frontier Foundation says we’re not good at making unpredictable choices. Using dice and a word list together, you can easily make random number and word selections.
If you don’t have those two things at the ready, just make sure you do your best to:
- Not include personal info. CNET says, “Avoid using your name, nickname, the name of your pet, your birthday or anniversary, your street name, or anything associated with you that someone could find out from social media, or in a heartfelt conversation with a stranger on airplane or at the bar.”
- Make it long. The minimum is 8 characters. The longer the better!
- Don’t use any of the passwords listed here. We had to say it, even though it should be obvious!
- Don’t reuse passwords. It’s tempting to be lazy, but don’t be. If a hacker gets a password from one breach, they can then unlock every account associated with it.
P.S. (If you’re not familiar with the Mel Brooks joke referenced at the start of this blog, it’s from a scene in Spaceballs 😊. You can watch an edited-for-the-joke version on YouTube.)