Take a look at the passwords listed above. Do any of them look familiar? The sad reality is that they might. While overly simple and relatively easy to guess, these were 50 of the most common passwords acquired in a data breach of over 30 million accounts. The 10 most popular options (including “123456” and “123456789”) break a cardinal rule of password setting by not including a combination of letters and numbers.
One of the most common ways hackers gain access to passwords and accounts is called a brute-force attack. This method uses an automated software that checks all of the words in the dictionary and commonly used passwords until it breaks through. Using passwords like “123456” or “qwerty” (if a website will let you) isn’t just discouraged, it could be dangerous.
Thankfully, not all websites will allow users to pick passwords like “123456”, even if they wanted to. Google requires its users to create passwords at least eight characters in length utilizing a combination of letter and numbers. While not required, Google also recommends users include symbols into their account passwords and avoid using personal info or common words.
But is that enough?
Potentially not. In a 2016, Microsoft announced they saw over 10 million username and password “pair attacks” every single day. As a result of their analysis, they suggested reusing passwords should be banned, that longer passwords aren’t always better, and multi-factor authentication may be necessary to fully secure account from compromise.
Even if users are including a mixture of letters, numbers, and symbols in their account passwords, they may still be falling prey to commonly used combinations. This graphic acts as a heat map to identify the characters on the keyboard people reach for the most in building their passwords. Numbers like 0,1, and 2 as well as symbols like the period, underscore, and at symbol (“@“) are still common and could be easily guessed.
