World’s Worst Passwords: Is it time to change yours?

The awareness of Password Sanitization is very less among people. As per ISO and NIST standards, you must have an 8 characters password with features like an Alphanumeric password having 1 Uppercase, 1 Lowercase, 1 Number, and 1 symbol. This password should be changed quarterly and in the case of  12 character password, there is no need to change the password periodically. With the whopping rise in data breaches, looking after your passwords is as necessary as ever. One of the key elements of a strong password is its uniqueness.

The easiest password to be hacked.

Password management specialist, SplashData has released its eight ‘Worst Passwords of the Year’ list: an introduction to the most relatively easy to guess and used passwords. The list is defined after evaluating more than 5 million passwords that were leaked on the internet (passwords relating to hacks of adult sites are not included!).  

It is reckoned that 10 percent of internet users are at fault for having at least one of the top 25 most popular passwords and 3 percent of people use the very worst password similar to ‘123456’ or “abcde”.

Exceptionally lazy numerical and common keyboard ​patterns feature heavily in the list (e.g. ‘qwerty’ and ‘abc123’). Obvious phrases are popular too; prominent examples of this include ‘password’ and ‘iloveyou’.

Celebrity or City names have always been a popular go-to source of passwords for many unfortunate users. Combining this with a little bit of social profiling and you’ve got a problem: (tip: LionelMessi10 is never a good choice; London123 is not goto password for doubly so if your Facebook page is full of Barca-related posts or Working in that city).

Here’s the 2021 list of 25 weakest passwords :

1. 123456 
2. 123456789
3. Picture 1
4. password
5. 12345678
6. 111111
7. 123123
8. 12345
9. 1234567890
10. senha
11. 1234567
12. qwerty
13. abc123
14. Million2
15. 000000
16. 1234
17. iloveyou
18. aaron431
19. password1
20. qqww1122
21. 123
22. omgpop
23. 123321
24. 654321
25. qwertyuiop

What are the consequences of a bad password?

The main reason to put up a password is to put in place extra security between a criminal and the network, system, device, program, or account for which you don’t want to publicize the data. So the more prominent/ famous the password, the weaker that hurdle. Here’s a closer look at how you’re in danger…

When it comes to system intrusion, you are not simply dealing with an intruder trying to hack manually using different password permutations and combinations. You are highly likely to encounter a brute force hacking attempt. With this type of intrusive attack, the hacker uses a tool to work through various combinations of usernames and passwords until a correct combination is found.

There are several common methods of brute force attack (all of which are made a lot easier where the type of password listed above is used!):

Dictionary attack. In this type of attack, hackers take efforts to identify  from a long list of possible passwords and use them all. You can strain this quite significantly by making certain guesses about the type of user you are targeting.

Credential recycling. The hacker gets hold of Intel on passwords and usernames from other breaches and uses this data as a basis for a fresh attack of their own. It can often yield results because many of us are guilty of recycling login details for multiple accounts.

Reverse brute force attack. Let’s say that the attacker wants to intrude on a big company. Of all the users on the network, they take a chance that few of the network or host users will be dumb or lazy enough to have the likes of ‘123456’ as their password. Extracting information from sites like LinkedIn, they attempt to match possible userid to this popular password.

Let’s discuss some statistics for password weakness.

One of the most interesting facts is when we researched for years as part of passwords from 1900-2020.

From an analysis, 2010 was one of the most used years as part of password followed by 1987 and 1991.

The most favorite names in the password were Eva & Alex respectively after that was Anna and least favorite was Daniel.

The world’s most favorite sport and team used as a combination in password were NBA’s Phoenix suns, post that Miami Heat, later that was MLB’s Cincinnati Reds. European soccer clubs also appeared 3 times as Liverpool, Chelsea, and Arsenal.

People were interested to mention cities like Birthplace, favorite spots, etc for their password combination. Abu Dhabi was ranked 1st, followed by Rome, lima, Hong Kong, Milan, London, Liverpool, Austin, Antonio & New York.

The favorite food for password was Ice-cream, tea, Pie, Nut & Fish as top five

As an Organization, How you can safeguard your system from hacking.

1. Implementation of Password Policy

•  8-12 characters length
• Alphanumeric
• Uppercase
• Lowercase
• Number
• Symbol
• It should be changed every quarter

2. Network configured for alerting and blocking Sync flood
3. User accounts to be blocked after 3-10 wrong attempts basis Industry standard
4. No use of password history 3-12 months
5. No use of dictionary words, names, etc

Conclusion

Lazy and weak passwords are a cakewalk to intrude and get your Data. So to keep your data secured, implementation of a strong password policy and making your user aware of it is highly important.

Follow WeSecureApp on social channels to get such insights.