CyberNews analyzed more than 15 billion passwords; if your favorite one is at the top of the list, it's time to change right now.
"World's Best Boss" Michael Scott caused an unplanned power outage (he's used both a space heater and fan on high and in the same socket). Power returns nearly immediately, but the server now needs a password Jim Halpert says, in a memorable scene from NBC's long-running "The Office."
"Did you try 'password'?" Michael asks. When that doesn't work, Dwight Schrute offers up, "Try 000000." No, but he immediately suggests the same series of zeroes, adding a "one" to the end.
While it's eventually revealed to be "bigboobz," Michael pipes up, "The important thing is, this kept us secure, people."
What resonated so amusingly to audiences was how the dilemma was so familiar, combined with the ultimate unoriginality of choice. That 2010 episode of "The Office" (Season 7, episode nine) also showed the machinations of figuring out what the password would be. Pam Halpert suggested they might try to guess what was popular in the year it was originally created (revealed to be eight years prior, to which she guessed, "'Lord of the Rings,' what else was popular then?"). The correct password is "figured out" by remembering the "IT guy" who created it and, when Michael says, "It made me laugh, but Pam was offended."
New research from CyberNews.com analyzed 15.2 billion passwords based on term categories, with only 2.2 billion being considered "unique." People, the data showed, choose passwords based, obviously, on what they think they can remember, but can be deciphered by hackers based on the creator, patterns, and personality.
Even President Donald Trump was reportedly hacked by a Dutch researcher who quickly guessed his password was "yourefired" as well as its replacement, "maga2020!."
SEE: Identity theft protection policy (TechRepublic Premium)
CyberNews' data was focused on the patterns "everyday people" used to create passwords. The findings were the result of "collected data from publicly leaked data breaches, including the Breach Compilation, Collection #1-5, and other accounts." The data was subsequently anonymized, and passwords detached so the data could be analyzed in isolation.
Through 2020, hackers could make a rough yet accurate assumption of a year used as a password: Birthday, the year password was created, and lastly, an otherwise special year. The most blatant example of this was in 2010, when variations of the date lead to the most popular passwords. The second-most popular year used was "1987" at 8.4 million, and the third was "1991" at nearly 8.3 million. Most of the years used were from "1940" to "1990."
In analysis, it's likely that those years correlate to the year creators were born, revealing more creators born from 1980 to 1990 than were born in 1940 to 1980. However, it revealed that 2010 was unlikely a birth year, but a combination of password and special year. The spike in using 2000 not only could refer to birth years, but a nod to the millennium or a significant event.
Name that password
First names were only used by less than a percent of the total analyzed, but the top 10 names used were Eva (7.1 million), Alex, Anna, Max, Ava, Ella, Leo, Jack, Ryan, and Daniel (2.4 million).
Rah-rah, go team
Choosing a favorite sporting team is common, too, with the NBA's Phoenix Suns topping the list, followed by Miami Heat. The other sports-related team names were, in order, reds, magic, Liverpool (also the most popular sports team), angels, kinds, arsenal, jazz, and Chelsea. CyberNews acknowledges that names like reds, magic, angels, etc. may not even be sports related, but popular words with password creators.
About 7% of passwords were either curse words or sex-related. The No. 1 choice was "ass" (27 million people use it), followed by "sex" at slightly more than 5 million. Used in less than 5 million passwords, but coming in third is the F-word. The list of favorite curse words are from most to least, CyberNews said were ass, sex, f*ck, god, sexy, butt, bitch, cow (?), sh*t, and arse.
Another set of passwords commonly used featured some variation of the city in which the creator lived, citing an appreciation or dislike, such as "ihatephiladelphia2020!" The No. 1 city, the data found was abu (for UAE's Abu Dhabi), followed by (lower case is the format CyberNews uses) rome, lima, hong, milan, london, liverpool, austin, antonio, and york. Texas cities Austin and San Antonio are the only US representation on the list, the data showed.
Research was conducted on the most to least popular seasons, weekdays and months.
From most to least used (lower case is researchers' choice)
- Seasons: summer, winter, spring, autumn
- Weekdays: friday, monday, sunday, tuesday, thursday, wednesday, saturday
- Months: may, june august, april, july, march, october, november, december, september, january, and february
There are a lot of people who love food, from foodies to junk-food addicts, but despite 42 million uses of food-related words, it represents only 1.9% of the total.
The most common to least of the top food-related choices are pan, ice, tea, pie, nut, fish, water, butter, cookie, rice, cake.
So the most frequently chosen passwords are based on years, names, curses, cities and food, but passwords are also considered "weak" if the creator doesn't include numbers or "special characters."
The data concludes that "The best passwords are the ones you don't remember at all." CyberNews recommends strong passwords, using password managers, and strong phrases using mnemonic devices, words with little relation to each other.
- How to become a cybersecurity pro: A cheat sheet (TechRepublic)
- Social engineering: A cheat sheet for business professionals (free PDF) (TechRepublic)
- Shadow IT policy (TechRepublic Premium)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Tom Merritt's Top 5 series (TechRepublic on Flipboard)