Your weak passwords can be cracked in less than a second

Easy-to-crack phrases "123456," "123456789," "12345," "qwerty" and "password" are the five most common passwords, says NordPass.

Passwords on sticky notes

Image: Roobcio/Shutterstock

Security experts keep telling people that they need to use strong and complex passwords to protect themselves and their online information. But despite the advice, too many users continue to rely on weak and simple passwords that require virtually no time to crack.

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

Of course, creating and maintaining a complex password for every account you use is a daunting task. But the alternative puts you and your most sensitive data at risk. A report released Wednesday by password manager NordPass looks at the 200 most common passwords and offers tips on how to practice better password hygiene.

To conduct its latest research, NordPass compiled its list of passwords by analyzing a huge database in partnership with independent researchers who focus on cybersecurity incidents.

The list of top 10 most common passwords comprised such old favorites as "123456," "123456789," "12345," "qwerty," "password," "12345678," "111111," "123123," "1234567890" and "1234567." Further down the list were such passwords as "iloveyou," "dragon," "monkey," "football" and "baseball."

Cybercriminals use automated tools to conduct brute force attacks to obtain account passwords. And the weaker the password, the easier and faster it is to determine. All except 30 of the top 200 most common passwords could be cracked in less than a second. Some of the few exceptions were such passwords as "chocolate," which can be cracked in three seconds, "michael," which would take eight seconds to crack, "tinkle," which could be cracked in two minutes, "jennifer," cracked in two hours, and "myspace1," which would take three hours to crack.

SEE: How password anxiety is impacting individuals and organizations (TechRepublic)

People who turn to weak passwords sometimes follow certain patterns or trends, such as names, sports teams and animals. For 2021, NordPass found that a large number of users rely on their own name as a password. "Liverpool" is often kicked off as a password, perhaps as a nod to the European football (aka soccer) team. Among apparent car enthusiasts, "Ferrari" and "Porsche" revved up as the most popular auto brands used as passwords.

"Dolphin" swam in as the top animal-related password in many countries. And swear words are often used for passwords, more often by men than by women.

Devising and managing a strong and unique password for every account you use is a challenge. But to help you protect yourself and your information, NordPass offers the following tips:

  1. Use complex passwords. A complex password contains at least 12 characters and a varied combination of upper- and lowercase letters, numbers and symbols. To more easily and quickly create a complex password, turn to an online password generator. There are many such tools available on the web. Fire up your favorite search engine and search for the term "online password generator."
  2. Don't reuse passwords. Finding the same password used by the same person across multiple websites is the dream of every hacker. If one of your accounts gets compromised, they'll all suffer the same fate.
  3. Update your passwords. Some experts recommend changing your passwords every three months in case any one password has been compromised without your knowledge.
  4. Check the strength of your passwords. How do you know if your password is strong enough to secure your accounts? Tools are available online that can check the security of your password. Run a search for the term "password health check."
  5. Use multi-factor authentication (MFA). To better protect your passwords and your accounts from compromise, use MFA whenever and wherever possible.
  6. Use a password manager. Juggling a different complex password for every account is impossible without some help. Your best bet is to use a password manager to create, store and retrieve your passwords.

Also see

By Lance Whitney

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.