NordPass, a password manager that provides users with an encrypted password vault, recently released its annual report on the most commonly used — and, therefore, most easily cracked — passwords.
The most common password globally? That would be ‘password.’ The rest of the top five: ‘123456,’ ‘123456789,’ ‘guest,’ and ‘qwerty.’
In the U.S., ‘guest’ takes the top spot, followed by ‘123456,’ ‘password,’ ‘12345,’ and ‘a1b2c3.’
Clearly, not a lot of effort is going into creating such passwords, and it doesn’t take a hacker much time — mere seconds, actually — to defeat them.
Popular films and TV shows also rank among the past year’s most popular passwords, including ‘batman,’ ‘euphoria,’ and ‘encanto.’
“While the worst passwords might change every year, human beings are creatures of habit,” NordPass notes. “Every year, researchers notice the same pattern — sports teams, movie characters, and food items dominate every password list.”
Here are a few tips from the Federal Trade Commission (FTC) to create strong, secure passwords.
Make Your Password Long and Strong
That means at least 12 characters. Making a password longer is generally the easiest way to make it stronger. Consider using a passphrase of random words so that your password is more memorable, but avoid using common words or phrases. If the service you are using does not allow long passwords, you can make your password stronger by mixing uppercase and lowercase letters, numbers, and symbols.
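The guidance above, applied as a check a sign-up form could run on a proposed password. This is an added example, not code from NordPass or the FTC; the function names, the variant rules, and the three-character-class threshold for sites that cap length below 12 are assumptions made for illustration.

```python
import string

# Passwords named in the article above; a real deployment would load a far larger list.
COMMON = {"password", "123456", "123456789", "guest", "qwerty",
          "12345", "a1b2c3", "batman", "euphoria", "encanto"}
MIN_LENGTH = 12    # FTC guidance: at least 12 characters
MIN_CLASSES = 3    # assumed threshold when a site does not allow long passwords
# Assumed set of character substitutions to undo: 0->o, 1->l, 3->e, 4->a, 5->s, @->a, $->s
LEET = str.maketrans("01345@$", "oleasas")

def variants(pw):
    """Lower-cased forms of pw with trailing digits/symbols and substitutions undone."""
    low = pw.lower()
    core = low.rstrip(string.digits + string.punctuation)
    return {low, core, low.translate(LEET), core.translate(LEET)}

def char_classes(pw):
    """Count how many of lowercase, uppercase, digit and symbol appear in pw."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: c in string.punctuation)
    return sum(any(t(c) for c in pw) for t in tests)

def review_password(pw, site_max_length=None):
    """Return a list of findings; an empty list means the password passes."""
    findings = []
    # "Password1!" and "P@ssw0rd" are still the common password underneath.
    if variants(pw) & COMMON:
        findings.append("common")
    if len(pw) < MIN_LENGTH:
        if site_max_length is not None and site_max_length < MIN_LENGTH:
            # Length is capped by the site, so fall back to mixing character types.
            if char_classes(pw) < MIN_CLASSES:
                findings.append("needs_mixed_characters")
        else:
            findings.append("too_short")
    return findings

if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("password", "P@ssw0rd2024!", "maple-orbit-canyon-velvet"):
        print(sample, review_password(sample))
```

A decorated common password such as the second sample clears the length rule but is still flagged, which is why length alone is not enough.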
Don’t Reuse Passwords
Use different passwords for different accounts. That way, if a hacker gets your password for one account, they can’t use it to get into your other accounts.
Use Multi-factor Authentication When Possible
Some accounts offer extra security by requiring something in addition to a password to log in to your account. This is called multi-factor authentication. The something extra you need to log in to your account falls into two categories: something you have, like a passcode you get via an authentication app or a security key; or something you are, like a scan of your fingerprint, your retina, or your face.
Consider a Password Manager
Most people have trouble keeping track of all of their passwords. The longer and more complicated a password is, the stronger it is, but a longer password can also be more difficult to remember. Consider storing your passwords and security questions in a reputable password manager. To find a reputable password manager, search independent review sites and ask friends and family which ones they use. Make sure to use a strong password to secure the information in your password manager.
Pick Security Questions No One Else Can Guess
If a site asks you to answer security questions, avoid providing answers that are available in public records or easily found online, like your zip code, birthplace, or mother’s maiden name. And don’t use questions with a limited number of responses that attackers can easily guess, like the color of your first car. You can even use nonsense answers to make guessing more difficult — but if you do, make sure you can remember what they are.
Change Passwords Quickly If There’s a Breach
If a company tells you there was a data breach where a hacker could have gotten your password, change the password you use with that company right away, and on any account that uses a similar password. And if someone is using your information to open new accounts or make purchases, report it and get help at identitytheft.gov.
“Passwords are the locks on your account doors,” the FTC notes. “You keep lots of personal information in your online accounts, including your email, bank account, and your tax returns, so you want good protections in place.”