About 70% of the world’s most popular passwords can be cracked in less than a second
Cybersecurity experts urge users to up their account protection
June 17, 2020. According to the data provided by the NordPass password manager, nearly 70% (69,5%) of the most popular passwords people use can be hacked in less than a second.
Here are the top 10 passwords of 2019 along with the time it takes to hack them and the number of times they’ve been exposed in various data breaches.
Password | How long does it take to hack? | How many times has it been exposed? |
12345 | Less than a second | 2,380,800 |
123456 | Less than a second | 23,547,453 |
123456789 | Less than a second | 7,799,814 |
test1 | Less than a second | 13,518 |
Password | Less than a second | 130,999 |
12345678 | Less than a second | 2,938,594 |
zinch | Less than a second | 14 |
g_czechout | 12 days | Never |
asdf | Less than a second | 315,892 |
qwerty | Less than a second | 3,912,816 |
“Millions of people still use generic, popular, and widely used passwords. While these might be easier to remember, people are doing hackers a huge favor by using them, as it will only take a second to crack such a weak password,” says Chad Hammond, a security expert at NordPass.
How do hackers crack these passwords? “While hackers use many effective techniques, the most common is the so-called “brute-force” attack. It’s an automated, common, and effective method to hack people’s passwords,” the NordPass expert explains.
Wondering how a brute-force attack works? First, hackers check if your password is among the most popular. They will then check all the known information that you might use for your password, such as your name, address, favorite band, sports team, or your pet’s name. There is also a program that will tweak this information by adding more data like numbers or special symbols. Hackers will also translate words into Leetspeak(where ‘password’ becomes ‘p422W0Rd’) or scan ‘rainbow tables.’ These are vast sets of tables filled with hash values pre-matched to possible plaintext passwords. Hackers will also check if your other accounts have been breached and whether you’ve reused the same password for another account.
However, there are some security solutions to protect your accounts from such attacks. The security expert shares his top tips:
1. Use a password generator. “Password generators are great tools that can generate complex passwords in seconds. Sadly, they are still massively underused. Recent research by Kaspersky suggests that a whopping 83% of respondents make up their passwords instead of using some sort of tool that will do it for them,” says Chad Hammond.
2. Go over all the accounts you have and delete the ones you no longer use. If a small, obscure website ends up breached, you might never even hear about it. You can use haveibeenpawned.com to check if your email has ever been compromised.
3. Use 2FA if you can. Whether it’s an app, biometric data, or hardware security key, your accounts will be much safer if you add that extra layer of protection.
4. Make sure to regularly check each of your accounts for suspicious activities. If you notice something unusual, change your password immediately.
ABOUT NORDPASS
NordPass is a new generation password manager shaped with cutting-edge technology, zero-knowledge encryption, simplicity, and intuitive design in mind. It securely stores and organizes passwords by keeping them in one convenient place. NordPass was created by the cybersecurity experts behind NordVPN — one of the most advanced VPN service providers in the world. For more information visit: nordpass.com.