Posted by: Heather Shy on December 11, 2020 at 8:00 am
For anyone responsible for computer network security, it’s one of the best/worst times of the year. Yes, it’s “worst passwords list” time again!
NordPass presents this year’s list of the 200 most common passwords, ranked by number of users. In addition, each entry shows how the password moved up or down on the list, how long it would take to crack it, and how many times the password was exposed.
Looking at only the new entries for this year shows that a lot of people attempt to come up with creative, secure, and memorable passwords. Unfortunately, many of these fall into the same old traps of past years. (Click to read our analyses from 2017, 2018, and 2019.) Let’s look at some of these categories:
New Passwords With Sequences of Letters and Numbers
No matter whether someone goes in numerical, alphabetical, or keyboard layout order, using a sequence of letters, numbers, or even a mix of both will not produce a secure password. Please don’t do this.
Thirty-two (32) of the new entries on this year’s list of 200 were number/letter sequences. Please don’t do this, folks. It does not work.
Non-English Words as Passwords
Admittedly, these may have been gathered in breaches targeted outside the United States, but we can’t rule out the possibility that English speakers are trying to use non-English terms. Unfortunately, using the non-English translation of a common English password is not a good strategy either.
- senha – “Senha” is the Portuguese word for… password, the fourth most-common hacked password.
- anhyeuem – “Anh yêu em” means “I love you” in Vietnamese. Please note that “iloveyou” is #17 on the list.
Really, Really Clever New Passwords
We’re so sorry. These are not very clever. But nice try!
- unknown – Thinking that letting the login page do the heavy work by prompting you that “the password you entered is unknown” is a clever trick? Not so clever, sorry.
- default – “Change your default password” is good advice, but does not mean change your password to “default.”
- trustno1 – Reference to The X-Files or just nervous? Either way, this paranoid password just isn’t secure.
Unfortunately, simply adding a number to the end of a much-used password doesn’t work either.
How to Create a Secure Password
Our point in sharing this with you is to help you and your staff keep your network secure. We recommend using the list as a guide to the least-secure passwords you could possibly use. You may, in fact, consider prohibiting staff from using any of these terms as passwords.
It’s human nature, however, to make passwords that are easy to remember. Here are some ways to make passwords safer and more secure:
- Use a password manager
- Require multi-factor authentication
- Institute policies requiring strong passwords
- Time-limit passwords, requiring changes at regular intervals
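One way to enforce the suggestion above of prohibiting listed passwords, shown as an added example that is not from the original post: a Python check that refuses a candidate if it is on the list, is a numerical, alphabetical, or keyboard-order sequence, or is a listed word with a number added to the end. The blocklist is a constructed sample holding only entries quoted in this article, and the function names, the minimum run length of 3, and the case-insensitive comparison are assumptions.

```python
# Constructed sample: only the entries quoted in this article. A real policy
# would load the full published list of 200 instead.
BLOCKLIST = {"password", "senha", "anhyeuem", "iloveyou",
             "unknown", "default", "trustno1"}

# Orderings the article warns about: numerical, alphabetical, keyboard rows.
SEQUENCES = ["01234567890", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]

# Every pair of neighbouring characters, in both directions ("12" and "21").
ADJACENT = set()
for seq in SEQUENCES:
    for a, b in zip(seq, seq[1:]):
        ADJACENT.update({(a, b), (b, a)})


def is_sequence(pw, min_run=3):
    """True if pw consists only of runs of neighbouring characters,
    each at least min_run long (e.g. "123456", "qwerty", "abc123")."""
    if len(pw) < min_run:
        return False
    run = 1
    for a, b in zip(pw, pw[1:]):
        if (a, b) in ADJACENT:
            run += 1
        elif run < min_run:
            return False          # a fragment too short to be a sequence
        else:
            run = 1               # start of the next run
    return run >= min_run


def reject_reason(password):
    """Return why the candidate is refused, or None if it passes these checks."""
    pw = password.lower()         # assumption: compare case-insensitively
    if pw in BLOCKLIST:
        return "listed"
    if is_sequence(pw):
        return "sequence"
    stem = pw.rstrip("0123456789")
    if stem != pw and stem in BLOCKLIST:
        return "listed+digits"    # a listed word with a number added to the end
    return None


if __name__ == "__main__":
    for candidate in ["Senha", "654321", "qwerty123", "default2020", "trustno1"]:
        print(candidate, "->", reject_reason(candidate))
```

A `None` result only means the candidate avoided the patterns described in this article; it is a screen for the worst choices, not a strength rating.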
Need more help? TAZ Networks provides managed network security services to small and mid-sized businesses in the metro Detroit area.