You may think that having a strong, secure password for your online accounts is obvious, but not everyone follows cybersecurity guidelines when it comes to creating passwords. Every year, research firms collect data on the most commonly used passwords. And year after year the data show that, in general, people are using the same weak, easy-to-crack passwords. To make matters worse, they are using the same one across multiple accounts. Findings from 2021 came out at the end of the year and sadly it’s the same story!
Here you can see the top 10 most commonly used passwords in the United States in 2021. Researchers also calculate how long each password takes to crack. All of these can be cracked in less than a second.
Why is all this important? Because poor password hygiene habits make it easier for criminals to commit cybercrimes.
- Most data breaches involve the use or misuse of weak, stolen, or default passwords.
- In recent years there has been an increase in cyberattack methods called ‘credential phishing’ and ‘credential stuffing’. This is when criminals use a phishing email to trick people into revealing their account login information. These login credentials are often sold to other criminals who use special software to try thousands of “matches” at a time, cross-referencing the stolen usernames, login IDs, and passwords that work on one website with other websites. When they find a match, meaning the victim’s username and password from site A are the same ones they use on site B, criminals can use that information to steal money and more identifying information.
- This strategy works because the vast majority of people—up to 83% according to recent research—use the same password for more than one account. This is a hacker’s dream scenario. All they need is one password and they can access all of that person’s accounts. If we continue to use the same login and password for multiple sites, credential stuffing will continue to be an issue.
What can you do?
- Use the longest password or passphrase allowable by each password system. Every character you add makes your password that much more difficult to crack. Many computers now have password generators that can help you come up with complex passwords and store them safely.
- Always use different passwords for different accounts and devices so that if attackers do guess or steal one password, they will not have access to all of your accounts.
- Don’t use personal information (e.g., pets’ names, birthdates, anniversaries), dictionary words, or system defaults as your password. They are way too easy for criminals to crack.
- Sharing too much information on social media can allow attackers to guess passwords (if they have been based on personal information) or extract a company’s confidential information through posts by employees.
- Use a password manager to keep all of your long, complex passwords secure.
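The checklist above can be run as a local audit over a set of your own accounts. The following Python code is an added example, not part of the original article; the 14-character threshold, the short blocklist, and the sample accounts and personal terms are assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict

MIN_LENGTH = 14  # assumed threshold; the article only says "longest allowable"
# Constructed sample blocklist; a real audit would load a full common-password list.
COMMON = {"123456", "password", "qwerty", "111111", "abc123"}

def fingerprint(password):
    """Hash for in-memory reuse comparison only; this is not a storage scheme."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def audit(accounts, personal_terms):
    """accounts: {site: password}. Returns {site: [findings]} for sites with problems."""
    by_print = defaultdict(list)
    for site, pw in accounts.items():
        by_print[fingerprint(pw)].append(site)

    findings = defaultdict(list)
    for site, pw in accounts.items():
        lowered = pw.lower()
        if len(pw) < MIN_LENGTH:
            findings[site].append("short")
        if lowered in COMMON:
            findings[site].append("common")
        # Personal details (pet names, dates) embedded anywhere in the password
        if any(term.lower() in lowered for term in personal_terms):
            findings[site].append("personal-info")
        # Same password on another site is what makes credential stuffing work
        shared = [s for s in by_print[fingerprint(pw)] if s != site]
        if shared:
            findings[site].append("reused-with:" + ",".join(sorted(shared)))
    return dict(findings)

# Constructed sample data (hypothetical sites and passwords)
SAMPLE_ACCOUNTS = {
    "bank.example": "Rex2015!",
    "mail.example": "Rex2015!",
    "shop.example": "123456",
    "work.example": "copper-lantern-drifts-quietly-47",
}
SAMPLE_PERSONAL = ["Rex", "2015"]

if __name__ == "__main__":
    for site, issues in sorted(audit(SAMPLE_ACCOUNTS, SAMPLE_PERSONAL).items()):
        print(site, "->", ", ".join(issues))
```

Only the long, unique passphrase passes; the reused pair is flagged on both sites because a leak at either one exposes the other.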
Passwords are the first line of defense against cybercriminals who are trying to steal your personally identifiable information. The stronger your passwords are, the more protected you’ll be. To learn more about this and other ways to avoid being the victim of cybercrime, ask about the Grace Hill Cybersecurity training series.