The common passwords that could be putting your computer and identity at risk

Nov 19, 2023

Cybersecurity for older Australians has been in the headlines lately, with a number of scams and malware programs used to target seniors and retirees specifically. Some are highly elaborate and rely on the victim willingly transferring their assets.

However, most are still focused on collecting the victim’s personal data without them being aware that it is even happening. In these cases, there is one fairly simple defence against online ne’er-do-wells: having a strong password.

Yes, people have been told to death to have strong passwords, but passwords with numbers and special characters can be hard to remember. When the statistics are analysed, though, they might make even the most tuned-out change their tune for the better.

NordPass, a password management program, has compiled a list of the top 200 most common passwords.

The list of passwords was compiled in partnership with independent researchers specialising in researching cybersecurity incidents.

Researchers analysed passwords from a 6.6TB database. Most of these passwords were stolen by stealer malware, such as Redline, Vidar, Taurus, Raccoon, Azorult, and Cryptbot. 4.3TB of that database was extracted from various publicly available sources, including the dark web. They also found the source websites responsible for these passwords being accessible.

They refrained from procuring or obtaining personal data for this study. Instead, they assembled a roster of 200 frequently used passwords for online accounts, despite their insufficient strength. The following are the top ten most commonly used passwords:

  1. 123456
  2. admin
  3. 12345678
  4. 123456789
  5. 1234
  6. 12345
  7. password
  8. 123
  9. Aa123456
  10. 1234567890

They discovered (predictably) that all of the top ten could be cracked by a hacker in less than a second. Many hackers will try the most common passwords first, especially if there is no limit on the number of login attempts.

But just having a password not in the top ten or even the top fifty doesn’t guarantee that an account is safe. Even slightly stronger passwords near the bottom of the list such as ‘P@$$w0rd’ could be cracked in less than a second.

Passwords involving names of things, such as Menara, or countries such as Pakistan were cracked in minutes. Moreover, the password ‘theworldinyourhand’ was found to take centuries to crack, yet 20,176 instances of this password were still found on the internet. Not only does a password need to be strong, but it should also be unique to avoid lucky guesses.

With 86 per cent of all web app attacks using stolen credentials, the importance of having a strong and unique password cannot be overstated. Ideally, passwords should be at least 20 characters long and include a mix of uppercase and lowercase letters, numbers, and special symbols.

Passwords should avoid easily guessable information like birthdays, names, or common words, and no password should be re-used.

Passwords should be changed regularly, especially weak passwords and those that are featured on the list of 200.
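
For anyone who runs a sign-up form or wants to check their own passwords, the advice above can be turned into an automatic check. The following is an added example, not code from NordPass or the researchers; the look-alike substitution table and the function names are assumptions, and only the ten passwords quoted in this article are used where a real check would load the full list of 200.

```python
import re

# The ten most common passwords quoted in the article.
COMMON = ["123456", "admin", "12345678", "123456789", "1234", "12345",
          "password", "123", "Aa123456", "1234567890"]

# Assumed table (not from the article): undo common look-alike swaps,
# so that 'P@$$w0rd' is recognised as 'password'.
LEET = str.maketrans({"@": "a", "4": "a", "$": "s", "5": "s", "0": "o",
                      "1": "l", "3": "e", "!": "i", "7": "t"})

def variants(pw):
    """Return the simplified forms of pw that are compared with the list."""
    low = pw.lower()
    core = re.sub(r"[\d\W_]+$", "", low)   # drop trailing digits and symbols
    forms = {low, low.translate(LEET)}
    if core:
        forms |= {core, core.translate(LEET)}
    return forms

# The common list, simplified the same way as every candidate password.
CANON = set()
for entry in COMMON:
    CANON |= variants(entry)

def audit(pw, min_len=20):
    """Return the reasons a password fails the article's advice (empty = passes)."""
    problems = []
    if variants(pw) & CANON:
        problems.append("common")    # on the list, or a disguised copy of an entry
    if len(pw) < min_len:
        problems.append("short")     # under the 20 characters recommended above
    classes = [r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("classes")   # missing upper, lower, digit or symbol
    return problems

if __name__ == "__main__":
    # Constructed sample inputs; the last one is made up for this example.
    for sample in ["123456", "P@$$w0rd", "Password1!", "theworldinyourhand",
                   "Marble-Kettle7-violet-Orbit"]:
        print(f"{sample!r}: {audit(sample) or 'ok'}")
```

A check like this cannot tell whether a password has been re-used on another site, so a pass here does not replace the advice to keep every password unique.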
