Identity theft is a serious problem: Millions of Americans are falling prey to cybercrime every year, and with more and more of our lives online the risk only increases. The key to protecting your online identity starts with the most commonly used part of accessing internet services: The password.

Using secure passwords can be difficult–I know I’m guilty of using the same password over and over again, something that has recently come back to bite me as I get email after email telling me someone has tried logging in to my accounts.

My current problem could have been far worse if I had been guilty of using some of the most common passwords that were uncovered recently by online IT training firm CBT Nuggets. It just published that and some other startling password facts that every internet user needs to know about.

Which words are widespread?

One of the fundamental rules of good password creation is to use words that other people don’t. The study found that of 50,000 passwords surveyed, there were several that were far more common than others. Love, star, girl, angel, and rock came in at the top five: If you’re guilty of including one of them it’s time to make some changes.

Dictionary attacks remain one of the most common ways hackers crack passwords in systems that don’t lock accounts out after a few tries. They simply compile lists of the most commonly used passwords and brute force accounts until they come up with a match.

It’s not just common words that are causing leaks: 42 percent of the passwords surveyed contained usernames, real names, or other publicly available information. The most common offenders of name usage in passwords? Lisa, Amy, Scott, and Mark.

The demographics of getting hacked

Using your own name, your username, a pet’s name, or any other identifying feature is the perfect way to ensure you’re a target, but there are several other risk factors that can make you an easy mark.

Men are more likely to be hacked, but only by a few points (male = 53 percent; female = 47 percent). Perhaps surprisingly, the most common age group of password hacking victims is 25- to 34-year-olds. The study says that a possible cause is that this age group grew up along with the internet and in the earliest years weren’t taught the importance of good password use.

Predictably, Yahoo users are the most likely to have their passwords leaked–nearly half of the hacked passwords surveyed came from Yahoo. Many of these probably came from this year’s leak of 500 million Yahoo passwords.

Wondering which website has the least secure users? AOL, Yahoo, and Hotmail are the most likely places to find passwords containing a username or real name.

How to stay safe

The password is a ubiquitous, and entirely unreliable, security method. Cracking methods are constantly becoming more sophisticated, machines used to perform brute force attacks keep getting faster, and there’s no solution for the weakest part of the system: The humans using it.

Truly secure passwords need to be long, random, and changed frequently. The best way to do that is by using an encrypted password management app. These apps store credentials to any number of websites, can create secure randomized passwords, and use a single sign-on to unlock your accounts.

You can remove all the Amy, love, Scott, star, and 123s from your passwords you want, but if you make them out of names and words, you’re still a predictable human. Security means using a machine to trick a machine.
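
An added example (not from the article or the CBT Nuggets study): a Python check that flags passwords built from the words, names, and personal details the study found, plus a generator for the random alternative. The function names, the `username`/`real_name` parameters, and the look-alike substitution table are assumptions made for illustration.

```python
import re
import secrets
import string

# Words and names the study reports as most common in the surveyed passwords.
COMMON_WORDS = {"love", "star", "girl", "angel", "rock"}
COMMON_NAMES = {"lisa", "amy", "scott", "mark"}

# Constructed substitution table (assumption): undo simple look-alike swaps
# such as "l0ve" or "@my" before matching.
LOOKALIKES = str.maketrans("0134@$!", "oleaasi")


def weaknesses(password, username="", real_name=""):
    """Return the reasons a password is predictable (empty list = none found)."""
    folded = password.lower().translate(LOOKALIKES)
    found = []
    for word in sorted(COMMON_WORDS):
        if word in folded:
            found.append(f"common word: {word}")
    for name in sorted(COMMON_NAMES):
        if name in folded:
            found.append(f"common name: {name}")
    # Personal tokens: the username plus each part of the real name.
    for token in [username] + re.split(r"[\s.\-_]+", real_name):
        needle = token.lower().translate(LOOKALIKES)
        if len(needle) >= 3 and needle in folded:
            found.append(f"personal info: {token}")
    return found


def generate(length=20):
    """Random password with at least one character from each class."""
    if length < 4:
        raise ValueError("length must be at least 4")
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation]
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw if a class is missing or a listed word appeared by chance.
        if (all(any(c in cls for c in candidate) for cls in classes)
                and not weaknesses(candidate)):
            return candidate
```

Swapping letters for digits or symbols does not help: `L0ve2016!` is still reported as containing "love".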

The 3 big takeaways for TechRepublic readers

  1. Nearly half of passwords surveyed contained a username or real name. The most common were Amy, Lisa, Scott, and Mark.
  2. The most commonly hacked age group is the 25-34 year old range, which many may find surprising. Growing up in the early days of the internet, the study argues, has led many people to become complacent.
  3. The most effective way to secure internet accounts is with a randomized password containing upper- and lowercase letters, numbers, and symbols. This is best done using a password manager that can generate and securely store passwords.
