Hey there! If you're like most people nowadays, you probably have dozens of online accounts for everything from email to social media to banking and more.
Managing all those accounts – and keeping them secure – can be a real headache. But here's the thing: one of the biggest threats to your online security is weak passwords.
According to Verizon's 2022 Data Breach Investigations Report, over 80% of hacking-related data breaches are due to compromised credentials. And very often, those compromised credentials are simple or common passwords that are easy for hackers to guess.
So in this post, we'll look at the most common passwords that you need to avoid, understand why some types of passwords are risky, and explore ways you can start using more secure passwords today.
My goal is to help you protect your online accounts and data from unauthorized access. Because let's face it – getting hacked is no fun at all!
Contents
- Just How Common Are Weak Passwords?
- The Top 15 Most Common Passwords to Avoid
- Why Numerical Passwords Are Insecure
- Avoiding Other Common Password Pitfalls
- Here's How to Create Stronger Passwords
- Adding an Extra Layer with Multi-Factor Authentication
- Recent Password Breaches to Learn From
- Summing Up How to Strengthen Your Passwords
Just How Common Are Weak Passwords?
Before we dive in, let's look at some scary stats around weak password usage:
- The annual list of worst passwords from NordPass found that "123456" and "password" were the top 2 most common passwords yet again in 2022. The top 200 passwords represent over 3% of all passwords exposed in data breaches.
- According to Verizon's report, the most common password is only 6 characters long and contains just lowercase letters. 15% of people in their study used passwords found in the top 20 worst passwords lists.
- A UK National Cyber Security Centre study found that 23.2 million victims worldwide used "123456" as a password, while 3.6 million used "password" as their password.
As you can see, a ton of people continue to use notoriously weak passwords. This leaves their accounts and sensitive data vulnerable to hacking by cybercriminals.
Now let's examine some of the most common types of passwords that you need to avoid.
The Top 15 Most Common Passwords to Avoid
Here are 2024's worst offenders when it comes to weak passwords, according to NordPass:
- 123456
- password
- 123456789
- qwerty
- 12345678
- 111111
- 123123
- 12345
- qwerty123
- 1q2w3e4r
- admin
- qwertyuiop
- 654321
- picture1
- 123321
Variations of these passwords are also very common, like "Password1", "iloveyou!", or "mypassword123". But as you can see, these passwords share some obvious patterns:
- Simple numerical or keyboard patterns like "123456" or "qwerty"
- Extremely short passwords, usually 8 characters or less
- Dictionary words like "password" or "qwerty" that are easy to crack
- Personal information like names ("john") or dates ("06111998")
Using any password similar to these is like leaving your front door wide open for hackers. Don't make it too easy for them!
Why Numerical Passwords Are Insecure
Plenty of people try to make passwords more secure by adding numbers like "123" or "09876" to the end of a word. But this tactic actually makes passwords far weaker, for a few reasons:
- Number combinations are extremely predictable. "123", "321", "456" are pretty obvious choices.
- Dates and ages like years of birth are easy to research about someone.
- There are only 10 possible digits, versus 26 possible letters. Fewer options means simpler passwords.
- Patterns like "25896" or repeated digits are quick for computers to generate and match.
Rather than just tacking numbers onto a word, passwords are much stronger if you mix upper and lowercase letters, numbers, and symbols throughout.
Avoiding Other Common Password Pitfalls
In addition to raw number or keyboard pattern passwords, there are a few other password types you should avoid:
- Names/dictionary words – Far too easy to crack using hacking tools and dictionaries.
- Keyboard patterns – "asdf1234" or "1qaz2wsx" are suspiciously non-random.
- Pop culture references – Seem obscure but can be guessed via social media interests.
- Common substitutions – Swapping "s" with "$" or "a" with "@" won't fool hackers.
- Short passwords – Anything under 12 characters is vulnerable, especially under 8 characters.
The key is to use no real words, phrases, names, dates or other personal info in your passwords. Opt for truly random gibberish to baffle hackers. More on that soon!
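Here is one way a signup form or a personal audit script could screen a candidate password for the pitfalls above. This is an added example, not code from the original post; the substitution table beyond "$" and "@", the keyboard rows, and the label names are assumptions made for illustration.

```python
import re

# The 15 passwords listed earlier on this page.
COMMON = {
    "123456", "password", "123456789", "qwerty", "12345678", "111111",
    "123123", "12345", "qwerty123", "1q2w3e4r", "admin", "qwertyuiop",
    "654321", "picture1", "123321",
}
# Reverses the page's "$"->"s" and "@"->"a" swaps; the other four entries
# are an assumed extension of the same idea.
DELEET = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e", "!": "i"})
# Keyboard rows and columns (assumed set) used to spot walks like "1qaz2wsx".
WALKS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
         "1qaz", "2wsx", "3edc", "4rfv"]


def has_walk(pw, n=4):
    """True if pw contains n adjacent keys from a row or column, in either direction."""
    low = pw.lower()
    for row in WALKS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + n] in low for i in range(len(seq) - n + 1)):
                return True
    return False


def weaknesses(pw):
    """Return which of the page's pitfalls pw falls into (empty list = none found)."""
    low = pw.lower()
    variants = (low, low.translate(DELEET))  # as typed, and with swaps undone
    found = []
    if len(pw) < 12:
        found.append("short")
    if any(c in v for v in variants for c in COMMON):
        found.append("common")
    if has_walk(pw):
        found.append("keyboard-walk")
    if re.search(r"[a-z]\d+$", low):  # a letter followed by tacked-on digits
        found.append("digit-suffix")
    return found


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["Password1", "P@$$w0rd", "1qaz2wsx", "mypassword123"]:
        print(sample, weaknesses(sample))
```

An empty result only means none of these patterns matched; it does not prove the password is strong.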
Here's How to Create Stronger Passwords
By now it's clear weak passwords are risky business. So let's talk about smart strategies to create nice and strong passwords:
- Use 12-14 characters – Longer is stronger to thwart hacking attempts.
- Try a passphrase – An easy to remember phrase with spaces and special characters can work wonders.
- Mix cases, numbers, symbols – Crucial to include lowercase AND uppercase letters, numbers, symbols.
- Skip keyboard patterns – Completely random keys help. No "asdf123" nonsense.
- Avoid personal info – No pet names, birthdays, addresses. Get creative!
- Consider using a password manager – Apps like LastPass securely generate and store passwords. More on this later!
Let's quickly expand on how a password manager makes life easier. These apps generate completely random passwords for each site. All you need to do is remember one strong master password.
Password managers also allow sharing passwords securely across devices. And many have added security options like VPNs and dark web monitoring to detect if your information appears in hacker circles.
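To show what "completely random" means in practice, here is a small generator built on Python's cryptographically secure `secrets` module, with a helper that puts a number on the digits-versus-letters point made earlier. This is an added example, not code from the original post or from any password manager; the symbol set and the 16-word demo list are constructed for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+"  # assumed symbol set; sites differ in what they accept
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]


def entropy_bits(alphabet_size, length):
    """Bits of entropy for `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def generate_password(length=14):
    """Random password with at least one character from every class."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(CLASSES)
    while True:
        # Draw a whole candidate and retry if a class is missing, so the
        # result stays uniform over all passwords that meet the requirement.
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw


def generate_passphrase(wordlist, words=5, sep=" "):
    """Passphrase of `words` entries chosen independently from wordlist."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("wordlist must not contain duplicates")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


# Constructed 16-word stand-in. A real passphrase needs a list of thousands
# of words; with only 16 choices, 5 words give just 20 bits.
DEMO_WORDS = ["anchor", "breeze", "cactus", "dynamo", "ember", "fjord",
              "glacier", "harbor", "ivory", "jungle", "kettle", "lantern",
              "meadow", "nectar", "orbit", "pebble"]

if __name__ == "__main__":
    print("6 digits:          %.1f bits" % entropy_bits(10, 6))
    print("14 mixed chars:    %.1f bits" % entropy_bits(len("".join(CLASSES)), 14))
    print("password:         ", generate_password())
    print("passphrase (demo):", generate_passphrase(DEMO_WORDS))
```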
Adding an Extra Layer with Multi-Factor Authentication
An additional step that adds a major layer of account security beyond just a password is enabling two- or multi-factor authentication (2FA or MFA).
With 2FA, accessing an account requires your password plus an additional verification like:
- A temporary code texted to your smartphone
- A randomized code from an authenticator app
- Biometric authentication like a fingerprint scan
So even if hackers steal your password, they still can't access your account with 2FA enabled. For important accounts like email, banking, and work logins, MFA is a must these days.
Recent Password Breaches to Learn From
To drive home the risks of poor password practices, let's look at two recent high-profile breaches where weak passwords played a major role:
Twitter's 2020 hack – Twitter had a massive breach where hackers gained access to internal tools via an employee's weak password. They hijacked famous accounts like Elon Musk to spread a Bitcoin scam.
Robinhood's 2021 breach – Hackers stole personal info on millions of users by gaining access to internal systems. Again, the entry point was an employee reusing their work password elsewhere.
Both cases highlight why companies need stringent password policies too. And why you should never reuse the same password across multiple accounts. One weak password can put everything at risk these days!
Summing Up How to Strengthen Your Passwords
Phew, we covered a ton of ground here! Let's recap the key tips:
🔑 Use random mixes of upper/lowercase letters, numbers and symbols
🔑 Opt for longer 12+ character passwords when possible
🔑 Never reuse passwords across multiple accounts
🔑 Avoid common passwords like "1234", "qwerty", or your name
🔑 Use a password manager to generate and store secure passwords
🔑 Enable two-factor or multifactor authentication for an added layer of security
🔑 Change passwords periodically, at least every 90 days for important accounts
I hope these tips give you ideas on improving your own password habits! Trust me, taking a few minutes to strengthen your logins will save you headaches down the road.
Stay safe out there, and let me know if you have any other password or online security questions!
