Passwords that protect nothing

Passwords serve as the frontline defence in protecting our data and digital identities. They act as virtual keys to online accounts and prevent unauthorised access. Creating strong, unique and complex passwords is crucial, as it makes it much harder for cybercriminals to guess them or crack them with software. But for convenience, many people keep simple, easy-to-remember passwords that can be recalled at the drop of a hat without using too much brainpower. That means they're easy to guess and even easier to hack.
So, just what is the most common password globally? Well, according to data from NordPass, that would be the classic '123456'. Over 40 countries in the world use this as their main password. The people of Russia gravitate towards this one with a whopping 19,000,630 users. China and Germany take second and third place, with 8,159,358 and 2,269,847 people using the number password respectively. The UK is no better though. We feature eighth on the list with a concerning 571,107 people using '123456' to protect their personal data. Unsurprisingly, this password would take 0 seconds for a hacker using software to crack, which is seriously concerning for people across the world.
Looking more closely at the most used passwords in the UK, there are some interesting options out there. Joining '123456' among the commonplace, generic and easy-to-guess passwords is 'password' in second place, with a user count of 423,192. 'Qwerty' is an honourable mention in seventh place, with a user count of 145,626. While these may be easy to remember, the lack of creativity and sophistication provides very little protection against hackers who have malicious intentions for your personal data and funds.
When they say a password should be something that you can easily recall but important to you, it turns out football clubs spring to mind first. Three out of 10 of the most used passwords are football clubs with 'Liverpool' taking third place, 'Liverpool1' taking eighth place and 'Arsenal' taking tenth. Again, these are easily guessable patterns and combinations, especially if you're vocal about your support in person and especially online, and they pose a significant risk to your digital security.
Rank | Password | User Count |
---|---|---|
1 | 123456 | 571,107 |
2 | password | 423,192 |
3 | liverpool | 224,160 |
4 | password1 | 162,086 |
5 | 123456789 | 152,801 |
6 | 12345 | 151,914 |
7 | qwerty | 145,626 |
8 | liverpool1 | 123,328 |
9 | charlie | 109,524 |
10 | arsenal | 107,899 |
Cracking the code to your data
Is there anything more frustrating than meticulously crafting a hard-to-crack password, ensuring it meets all the criteria - eight characters, including numbers and symbols - only to forget it a few weeks later and have to start the whole process again? Falling victim to a hacking incident where money and personal data are stolen for identity fraud is painful. Not only can it wreak havoc on your personal finances, but it can also deal a significant blow to your business's reputation, signalling a lack of trustworthiness with sensitive data which can lose you both new and existing customers. That's why it's imperative to prioritise good password hygiene habits.
Consider using unique passwords or, better yet, passphrases—longer and easier to remember. After all, "MyCatIsSoCool!33" is far more memorable than "X4crz1J8k." Additionally, make it a habit to update passwords regularly, aiming for every six months, to maintain the integrity of your digital security.
While it may not seem like it at the time, it's important to put some serious thought into your passwords. According to recent data from HiveSystems.io, the time it takes for cybercriminals to use generative AI hardware to brute force passwords based on their length and complexity is shockingly little. For instance, the table below shows that shorter passwords can be broken instantly. Only when you hit passwords at 10 characters long with a mix of upper- and lower-case letters does it start taking some time, and that's only 4 seconds. Longer and more complex passwords provide significantly stronger defences against brute force attacks. In fact, even a 16-character password (or more likely passphrase) that uses a mix of numbers, upper- and lower-case letters and symbols will take 16 million years for cybercriminals to hack. So, just a few small changes could provide ample protection for your business against those with malicious intent.
Using generative AI hardware to brute force your password in 2023
Number of characters | Numbers only | Lowercase letters | Upper and lowercase letters | Numbers, upper and lowercase letters | Numbers, upper and lowercase letters, symbols |
---|---|---|---|---|---|
4 | Instantly | Instantly | Instantly | Instantly | Instantly |
5 | Instantly | Instantly | Instantly | Instantly | Instantly |
6 | Instantly | Instantly | Instantly | Instantly | Instantly |
7 | Instantly | Instantly | Instantly | Instantly | Instantly |
8 | Instantly | Instantly | Instantly | Instantly | 1 sec |
9 | Instantly | Instantly | 4 secs | 21 secs | 1 min |
10 | Instantly | Instantly | 4 mins | 22 mins | 1 hour |
11 | Instantly | 6 secs | 3 hours | 22 hours | 4 days |
12 | Instantly | 2 mins | 7 days | 2 months | 8 months |
13 | Instantly | 1 hour | 1 year | 10 years | 47 years |
14 | Instantly | 1 day | 52 years | 608 years | 3000 years |
15 | 2 secs | 4 weeks | 2000 years | 37k years | 232k years |
16 | 15 secs | 2 years | 140k years | 2 million years | 16 million years |
17 | 3 mins | 65 years | 7 million years | 144 million years | 1 billion years |
18 | 26 mins | 1000 years | 378 million years | 8 billion years | 79 billion years |
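The table rates passwords by length and character pool, but a password from the top-10 list above falls to a word-list guess whatever its length. The following sign-up check is an added example (not from NordPass or Hive Systems) that applies both tests. The guess rate and the one-year acceptance threshold are assumptions, so its timings will not match the table.

```python
import string

# Top-10 UK passwords, copied from the table on this page.
COMMON_UK = {"123456", "password", "liverpool", "password1", "123456789",
             "12345", "qwerty", "liverpool1", "charlie", "arsenal"}

# Assumption: the page gives no guess rate, so this figure is a placeholder.
ASSUMED_GUESSES_PER_SECOND = 1e12
SECONDS_PER_YEAR = 31_557_600  # Assumed acceptance threshold: one year.

def pool_size(password):
    """Size of the smallest character pool (the table's columns) covering the password."""
    size = 0
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    # Anything else is counted as one 32-symbol pool (len(string.punctuation)).
    if any(c not in string.ascii_letters + string.digits for c in password):
        size += len(string.punctuation)
    return size

def keyspace(password):
    """Number of candidates an exhaustive search of that pool and length must cover."""
    return pool_size(password) ** len(password)

def humanise(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, length in (("years", SECONDS_PER_YEAR), ("days", 86_400),
                         ("hours", 3_600), ("minutes", 60)):
        if seconds >= length:
            return f"{seconds / length:,.0f} {unit}"
    return "under a minute"

def assess(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Return (accepted, reason) for a candidate password at sign-up time."""
    if password.lower() in COMMON_UK:
        # Word lists are tried before exhaustive search, so length does not help.
        return False, "on the common-password list"
    worst_case = keyspace(password) / rate
    return worst_case >= SECONDS_PER_YEAR, f"exhaustive search: {humanise(worst_case)}"

if __name__ == "__main__":
    for candidate in ("Liverpool1", "X4crz1J8k", "MyCatIsSoCool!33"):
        print(candidate, assess(candidate), f"keyspace={keyspace(candidate):.2e}")
```

'Liverpool1' is rejected on the list check alone, even though its length and character mix would place it in the '22 mins' cell of the table.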
As technology continues to advance and cyber threats evolve, individuals and businesses must remain vigilant and proactive in mitigating risks and protecting against potential vulnerabilities. By implementing robust cybersecurity measures and understanding the significance of good cybersecurity practices, like implementing strong password hygiene habits and enabling multi-factor authentication, you can strengthen your defences against cyber-attacks and minimise the devastating impact of potential breaches, which, in turn, can prevent untold issues when it comes to running your business. But even with good cybersecurity, hackers can still get through or employees can fall for scams, which is why it's recommended that businesses have professional indemnity insurance.