We Don’t Learn From Our Mistakes: 2020’s Most Popular Passwords
After a series of high-profile breaches, we wanted to update an article we developed a few years ago about some of the disturbing trends we continue to see with end user password behaviors. It’s fair to assume that a strong password is one of the most important security tools that any user can employ to minimize the chances of a breach, but we unfortunately see that users oftentimes continue to be unaware of the dangers of weak passwords or weak password management policies.
“Each year, researchers from NordPass survey millions of passwords to determine the worst passwords people use. Despite the countless warnings from cybersecurity experts, people continue to choose weak, guessable, and sometimes embarrassing login credentials to protect their most precious information. Case in point, the top, most used phrase was, yet again, ‘123456.’
The list features several other ineffective passwords that have long remained on the list. This includes “password” in fourth place, “111111” in sixth, and “qwerty,” in 10th. However, we did see some new entries on Nord’s annual list, including “picture1,” “chatbooks,” “jacket025,” “evite,” “babygirl1,” and “default.”
If you’re looking for password ideas, don’t look to a galaxy far, far away: ‘Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,’ said Morgan Slain, CEO of SplashData back in 2017. ‘Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.’
Despite Slain’s warning, “starwars,” “batman,” and “pokemon” still rank amongst the top, most used passwords in 2020.
Password Security Best Practices
Maybe you’re already a proactive password producer: you use a password management tool and avoid crackable options like your birthday or address. You could still do more to keep your information safe. It’s true that no one enjoys remembering passwords and bogging down their brain with a mental list of strategically picked nonsense, but doing so may make the difference between security and danger. Here’s how you can better create and protect your passwords.
- Don’t just rely on a password management tool; set up multi-factor authentication (MFA) as well. Most up-to-date apps and software have MFA options in the settings menu, and some may even ask if you’d like to set up MFA when you create your account.
- Set all passwords to expire after 90 days.
- Memorize at least 10 passwords — don’t reuse them.
- Use at least eight characters in every password, ideally incorporating letters, numbers, and symbols. Tempting though it is, don’t use full words — you’re probably not as original as you think.
- Set your accounts to lock anyone out after five unsuccessful attempts.
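An added example, not part of the original article: a Python check that applies the length and character rules from the list above and also rejects passwords that are only disguised versions of the entries the article names (case changes, leetspeak swaps, leading or trailing digits and symbols). The substitution map and sample inputs are constructed for illustration, and the letters/numbers/symbols rule is treated as mandatory here, which is an assumption.

```python
import re

# Passwords named in the article (NordPass 2020 entries and pop-culture terms).
COMMON = {"123456", "password", "111111", "qwerty", "picture1", "chatbooks",
          "jacket025", "evite", "babygirl1", "default",
          "starwars", "batman", "pokemon"}

# Constructed map that undoes common "leetspeak" swaps (assumption, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

def variants(password):
    """Normalized forms of a password: lowercased, with leading/trailing digits
    and symbols stripped, and with leetspeak swaps undone."""
    lowered = password.lower()
    stripped = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    forms = {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}
    return {f for f in forms if f}

# Every normalized form of every listed password, computed once.
COMMON_BASES = set().union(*(variants(p) for p in COMMON))

def check_password(password):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    classes = (r"[A-Za-z]", r"\d", r"[^A-Za-z\d]")
    if not all(re.search(c, password) for c in classes):
        problems.append("needs letters, numbers, and symbols")
    if variants(password) & COMMON_BASES:
        problems.append("derived from a commonly used password")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs: three meet the complexity rule but are disguises.
    for pw in ("123456", "P@ssw0rd2020!", "St4rW4rs!!", "Babygirl99#", "vR7#kq2!Lm"):
        print(f"{pw!r}: {check_password(pw) or 'ok'}")
```

Complexity rules alone accept "P@ssw0rd2020!" and "St4rW4rs!!"; only the normalization step catches them.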
Employing these password best practices, and encouraging your teams to do so as well, will go a long way toward strengthening your cybersecurity posture and significantly reducing the chances of a breach. As today’s cybersecurity landscape becomes increasingly volatile, it’s of the utmost importance that you address these seemingly small issues and understand how your seemingly benign actions can negatively impact your organization. To that point, it’s just as important that your team understands how these small precautions help. In addition to enforcing a strong password policy or implementing a password management tool, we recommend routine end user security awareness training. Not only does this training help users proactively address red flags that could lead to a breach, it helps them understand that you’re only as strong as your weakest link and that your organization’s cybersecurity and safety depend on their vigilance and understanding of these potential threats.