POP QUIZ: What has been the most popular—and therefore least secure—password every year since 2013? If you answered “password,” you’d be close. “Qwerty” is another contender for the dubious distinction, but the champion is the most basic, obvious password imaginable: “123456.”
Yes, people still use “123456,” according to SplashData’s ranking of the most common passwords of 2019, which the security application company bases on its analysis of millions of passwords leaked on the internet.
“Disappointingly, there are no big differences between recent worst password lists and this year’s,” says Morgan Slain, SplashData’s CEO. That’s because consumers continue to stick with passwords that are simple and easy to remember—and therefore are far too easily hacked, he says.
Here are the 10 most popular, least secure passwords of 2019, per SplashData:
- 123456
- 123456789
- qwerty
- password
- 1234567
- 12345678
- 12345
- llllll
- 123123
How to improve your own passwords:
1. Use a password manager app.
If you do, you’ll have only two passwords to remember: the password to the app and the password to the computer account you log into every day. (For work-owned devices, ask your employer’s IT team what they recommend.)
2. Use multifactor authentication (MFA) whenever possible.
MFA factors include what you know (a password), what you have (a device, such as a smartphone), and who you are (a fingerprint or facial recognition scan). Using MFA for verification, such as a code sent to a mobile device, in addition to strong, unique passwords, can give you better protection.
3. Don’t create passwords with real words.
In a so-called dictionary attack, a hacker uses software that systematically enters every word in a dictionary to figure out a password. To thwart such attacks, skip any words you’d find in Webster’s.
4. Don’t include personal details in your password.
Avoid using the name of a spouse, kid, pet, city of residence, birthplace or the like in a password, as a hacker could deduce that information from your social media accounts.
5. Use passwords that include all character types.
Go for a mix of upper- and lowercase letters, numbers and symbols.
Source: Security Smart Newsletter