It can be a depressing read, but also one that is enlightening. How terrible are the world’s worst passwords, and just how long did it take a password company to crack them?
Everyone’s received a message suggesting they change passwords at least once before, but for some of us, those needs are more dire than a breach might imply.
While it’s important to change passwords regularly, particularly when security has been breached, some people need to change them a little earlier, particularly if their password is listed amongst the world’s worst.
And it’s that time again, as a list of the world’s worst passwords has made its way to the light of day, exposing some of the genuinely disastrous passwords some people are still using.
NordPass has released its listing of the world’s worst passwords, and as expected, some of the world’s worst are still the world’s most obvious, though it’s rather crazy to think these are still in use.
In the top position, roughly 2.5 million users are using 123456, with almost a million using the only slightly more complex 123456789, both of which NordPass says it can crack in less than a second.
The rest of the list sees fewer users of equally bad passwords, including picture1 with 371,000 users, password with 360,000 users, qwerty with 156,000 users, iloveyou with 106,000 users, and even 88888888 with 22,000 users. There are 200 terrible passwords on the list, and most of them appear to be easily broken within the space one second or ten seconds. Either way, it’s a pretty damning list, and if your password is on it, you’ll definitely want to change it ASAP.
Even if your passwords aren’t on the list, it’s still clearly important to check if your regular passwords are secure. While passwords like the ones on the list aren’t great, anyone can have their passwords leaked or broken, so checking whether yours are still secure can be something we all do.
And there are numerous ways to make your passwords better, from picking a phrase that means something to you and replacing some of the letters with numbers and other characters, or even using the built-on password suggestions from your web browser, and saving those passwords to the browser for ease of use.
However you should make them complex enough so that only you could guess them, and certainly not as simple as password123. The basic passwords may well be convenient, but it’ll hardly be convenient if you have to change all your passwords because someone found a way to break into your accounts, let alone all the other things you’d need to do.