Have you ever used “123456” as a password for one of your online accounts? You might as well have no password at all.
Today, cybercriminals are getting more stolen usernames and passwords than ever before. In fact, 2021 was a record year for the number of data breaches. Nearly 190 million people were victims of roughly 1,800 data breaches last year, according to the latest annual report from the Identity Theft Resource Center. Not sure if your credentials were ever exposed in one of the recent data breaches? This site provides a free tool that tells you which of your accounts have been hacked, and all you have to do is enter your email address.
Twingate analyzed a list of the 200 most common passwords in 2020 from SecLists, a project maintained by Daniel Miessler, Jason Haddix and g0tmi1k. The passwords were collected from popular lists in the security testing world.
A significant number of the most common passwords contained nouns, and many included proper nouns such as people’s names (Nicole, Matthew) and intellectual properties (Pokémon, Star Wars), as well as common nouns (princess, monkey, baseball). Passwords that contained at least three consecutive characters that are adjacent on a standard US keyboard (qwerty, 1234, 159753) were considered to have a keyboard pattern. None of the most common passwords analyzed by Twingate contained any symbols or special characters.
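The keyboard-pattern rule described above can be turned into a check for a password policy. This is an added example, not Twingate's code: the layout tables and function names are assumptions, and it assumes the three adjacent keys must lie in one straight line (numeric keypad included, which is what makes 159753 a pattern) so that incidental neighbours such as a-s-e in "baseball" do not count.

```python
# Added example: keyboard-pattern check. The layout tables, the straight-line
# rule and all function names are assumptions, not Twingate's method.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]   # US QWERTY main block
NUMPAD = ["789", "456", "123"]

MAIN = {ch: (c, r) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
PAD = {ch: (c, r) for r, row in enumerate(NUMPAD) for c, ch in enumerate(row)}

# Rows are staggered: the key at column c touches columns c-1 and c in the row
# below, and columns c and c+1 in the row above.
MAIN_STEPS = {(1, 0), (-1, 0), (0, 1), (-1, 1), (0, -1), (1, -1)}

def steps(a, b):
    """Return the directions in which key b is a direct neighbour of key a."""
    a, b = a.lower(), b.lower()
    found = set()
    if a in MAIN and b in MAIN:
        d = (MAIN[b][0] - MAIN[a][0], MAIN[b][1] - MAIN[a][1])
        if d in MAIN_STEPS:
            found.add(("main",) + d)
    if a in PAD and b in PAD:
        d = (PAD[b][0] - PAD[a][0], PAD[b][1] - PAD[a][1])
        if d != (0, 0) and max(abs(d[0]), abs(d[1])) == 1:
            found.add(("pad",) + d)
    return found

def longest_key_walk(password):
    """Length of the longest run of keys typed in one straight line."""
    best = run = min(len(password), 1)
    prev = set()
    for a, b in zip(password, password[1:]):
        cur = steps(a, b)
        if cur & prev:            # same direction as the previous step
            run, cur = run + 1, cur & prev
        else:                     # new walk (2 keys) or no adjacency (1 key)
            run = 2 if cur else 1
        best = max(best, run)
        prev = cur
    return best

def classify(password):
    """Flag the two properties the article reports on."""
    return {
        "keyboard_pattern": longest_key_walk(password) >= 3,
        "has_symbol": any(not ch.isalnum() for ch in password),
    }

# Passwords quoted in the article, used here as sample input.
SAMPLES = ["qwerty", "1234", "159753", "123456", "princess", "monkey", "baseball"]
```

Running `classify` over `SAMPLES` flags the first four as keyboard patterns and none as containing a symbol, matching the article's description.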
Increasingly, attackers can gain access to vast swaths of Americans’ private information by performing so-called “credential stuffing.” Credential stuffing occurs when cybercriminals buy or reuse lists of frequently used and stolen passwords and enter them into login fields on websites.
Credential stuffing poses a significant risk to both businesses and consumers due to the large number of Americans who reuse passwords for multiple accounts. About 65% of US adults admit to using the same password on at least some, if not all, of the websites they use, according to a 2018 Google survey conducted by The Harris Poll.
Technology companies including Apple are developing technology that experts say could be more secure and convenient than traditional passwords. They rely on your biometrics, i.e. fingerprints and facial recognition.
Until more secure measures are put in place, password managers like 1Password or LastPass are an effective way to prevent such attacks, and passphrases are another good alternative. A passphrase is essentially a sentence. The FBI recommends using passphrases because longer passwords take longer to crack than complex passwords (such as those that include numbers and special characters).