Cybersecurity

"123456" and "password": These were last year's most insecure passwords

Passwords are often the only protection a digital user account has. If a password is easy to guess, it is child's play even for amateur hackers to try it out and crack the account. The consequences can be severe and can go as far as identity theft.


Particularly easy to guess are passwords that are used frequently and consist of words from the dictionary, or simple strings of numbers. Every year, IT security companies create their "best lists" of passwords that are the most used and therefore the most insecure.

The software company NordPass recently published its research on the most used passwords of 2020. According to NordPass, a database of 275,699,516 passwords was analyzed for this purpose. Of these, only 122,894,788, or 44 percent, were unique and not easy to guess. 

Chad Hammond, an IT security expert at NordPass, thus advises all users to change insecure passwords immediately. "Most of these passwords can be hacked in a matter of seconds - and they've been hacked multiple times. For example, the most popular password '123456' has already been hacked 23,597,311 times."

The security expert is aware of the dangers that can arise if a password is not unique or is easy to hack: "For example, a weak password can be used for credential stuffing attacks. This involves using published login credentials to gain further access to other accounts. If you become a victim of a credential stuffing attack, you can lose your Facebook or other important account with all its content. Besides, the email address can be used for phishing attacks or to deceive your friends and family into thinking that mails are coming from you," Chad Hammond explains.

These were the "Top 20" most insecure passwords of 2020:

1. 123456

2. 123456789

3. picture1

4. password

5. 12345678

6. 111111

7. 123123

8. 12345

9. 1234567890

10. senha (means "password" in Portuguese)

11. 1234567

12. qwerty

13. abc123

14. Million2

15. 000000

16. 1234

17. iloveyou

18. aaron431

19. password1

20. qqww1122
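
A signup or password-change form can refuse passwords of the kinds described above before they are ever stored. The following check is an added example, not part of the original article; the small `DICTIONARY` set and the `MIN_LENGTH` value are assumptions standing in for a real word list and a real policy, and the sample passwords are constructed.

```python
import re

# Top 20 list from the article (NordPass, 2020), stored in lowercase.
TOP20 = {
    "123456", "123456789", "picture1", "password", "12345678", "111111",
    "123123", "12345", "1234567890", "senha", "1234567", "qwerty",
    "abc123", "million2", "000000", "1234", "iloveyou", "aaron431",
    "password1", "qqww1122",
}
# Assumption: a tiny stand-in for a full dictionary word list.
DICTIONARY = {"password", "picture", "senha", "qwerty", "iloveyou", "million"}
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def weaknesses(candidate: str) -> list:
    """Return the reasons a candidate is easy to guess (empty list = none found)."""
    reasons = []
    lowered = candidate.lower()
    if lowered in TOP20:
        reasons.append("on the Top 20 list")
    if candidate.isdigit():
        reasons.append("digits only")
    if candidate and len(set(lowered)) <= 2:
        reasons.append("one or two repeated characters")
    # Dictionary word with digits or punctuation appended ("password1", "Qwerty2024!!").
    stem = re.sub(r"[\d\W_]+$", "", lowered)
    if stem in DICTIONARY:
        reasons.append("dictionary word with a simple suffix")
    if len(candidate) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["123456", "Password1", "Qwerty2024!!", "111111111111", "tG7#vLq92pXw-zM"]:
        found = weaknesses(pw)
        print(f"{pw!r}: {'; '.join(found) if found else 'no weakness found'}")
```

An empty result only means none of these particular checks fired; it does not show that a password is unique or has never been published.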


What to do if your own passwords appear in the list?

Here are the top five tips to make passwords more secure:

1. Update all your insecure passwords and use unique and complicated ones to secure the account. You can also use a password generator or save the passwords in the browser to make sure they can't be guessed. These little helpers are great at generating and storing very secure passwords. Newer password managers even have other useful features that help find out if one of your accounts has been hacked.

2. Browse through all your online accounts and delete the ones you no longer need. Never use the same password for different accounts.

3. You can check for yourself whether a current password has already been published online, for example, on this page. The site "Have I Been Pwned?" offers a similar service. Here, you enter your e-mail address and immediately find out whether and how often it appears (with password) in lists published by hackers on the net.

4. Use two-factor authentication whenever possible, either via a special app, with one-time TANs via SMS, with biometric data or with a hardware security key. Every account becomes much more secure with a second request, as this adds a security level that can only be overcome with a lot of effort in terms of technology and time.

5. Make sure that you regularly check your accounts for any suspicious activity, for example, requests at unusual times or from unknown computers. Many online services, such as Google, will then send out a security warning. If you notice anything unusual, change your password immediately. This is the only way to ensure that no one but you can use the account.

Text: Helge Denker