The NordPass Research team has published a list of the 200 most popular passwords. If you use any of these most popular passwords… don’t worry, we have recommendations to create strong passwords in 2023.
NordPass Research partnered with independent researchers who are experts in compiling data about cybersecurity incidents. Data was drawn from millions of users and 30 countries, resulting in a whopping 3 TB database of users and user passwords.
In all 30 countries, “password” and “123456” take spots #1 and #2. In the US, however, “guest” takes the cake. If you are curious, you can explore the list yourself; NordPass provides ways to filter by specific country, by user gender if available, by how many people were found using each password, and, most interestingly, by how long it took to crack each password.
This is the largest concern beneath the fun, dorky content. The majority of these 200 most common passwords took less than one second to crack. #26, a simple “basketball”, takes a whopping ten seconds to crack, while the garbage-looking “1q2w3e4r” takes less than one second.
Our employees at SpireTech like to reference this xkcd comic, which illustrates that the most complex passwords for humans to remember are typically the easiest for computers to hack. Guess which example in the webcomic is more difficult to hack: Tr0ub4dor&3, or correcthorsebatterystaple. Go ahead. Guess.
These lists are charming to explore, if only to chuckle at the common passwords people enjoy using. Some of our favorites: pokemon, letmein, matrix and freedom.
Password security tips in 2023
- Favor passphrases; bonus points if they are easy to remember.
- Use additional numbers or special characters.
- Keep records of this password in a secure place, like a password manager.
- Rotate or change passwords.
- Include 15 characters or more.
While crafting and using strong passwords goes a long way in cybersecurity hygiene, cybersecurity experts strongly recommend enacting try/fail password locking for your organization. Try/fail password locking temporarily locks everyone out of an account; the user can configure how many attempts a person may have to log in with the correct credentials before they are locked out. This is an excellent tool in your defenses, and absolutely should be used. It decreases the password vulnerability that remains.
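The try/fail locking described above, sketched as an added Python example (not SpireTech's or any product's code). The names LockoutGuard, verify, max_attempts and lock_seconds are hypothetical, and the account and stored passphrase are constructed sample data.

```python
import hmac
import time
from dataclasses import dataclass, field

@dataclass
class LockoutGuard:
    """Temporary try/fail account lockout (hypothetical helper, not a product API)."""
    verify: callable               # verify(account, password) -> bool
    max_attempts: int = 5          # failed tries allowed before the lock starts
    lock_seconds: float = 900.0    # how long the account stays locked
    clock: callable = time.monotonic
    _failures: dict = field(default_factory=dict)
    _locked_until: dict = field(default_factory=dict)

    def is_locked(self, account):
        until = self._locked_until.get(account)
        if until is None:
            return False
        if self.clock() >= until:  # lock expired: clear the state
            del self._locked_until[account]
            self._failures.pop(account, None)
            return False
        return True

    def attempt(self, account, password):
        """Return 'ok', 'denied' or 'locked'."""
        if self.is_locked(account):
            return "locked"        # even the correct password is refused
        if self.verify(account, password):
            self._failures.pop(account, None)  # success resets the counter
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_attempts:
            self._locked_until[account] = self.clock() + self.lock_seconds
        return "denied"

def demo():
    now = [0.0]  # fake clock so the demo does not sleep
    # Constructed sample store; a real system keeps salted hashes, not plaintext.
    store = {"alice": "correcthorsebatterystaple"}
    verify = lambda a, p: hmac.compare_digest(store.get(a, ""), p)
    guard = LockoutGuard(verify, max_attempts=3, lock_seconds=60, clock=lambda: now[0])
    # Guesses taken from the common-password list discussed on this page.
    results = [guard.attempt("alice", g) for g in ("password", "123456", "guest")]
    results.append(guard.attempt("alice", "correcthorsebatterystaple"))
    now[0] += 60  # the temporary lock expires
    results.append(guard.attempt("alice", "correcthorsebatterystaple"))
    return results
```

The fourth attempt uses the correct passphrase and is still refused, which is the "locks everyone" behaviour the paragraph describes; the same passphrase works once the lock period has passed.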
Despite the content, cybersecurity is no joke. SpireTech provides our clients with our recommendations, which are constantly changing. Ensuring your organization is protected from hacking attempts as well as human fallibility is something that will only improve your business.