It's time once again for a survey of the worst passwords of 2020, brought to you by Norpass and associates. The company has been analyzing passwords retrieved from the Dark Web to study them. They are trying to locate trends and see just how well we're doing overall, in terms of picking passwords that aren't easy to guess. The results aren't pretty, nor have they ever been, since Norpass began conducting this research.
Having analyzed more than a quarter of a billion passwords, here are a few of the highlights they spotted:
- While the top five worst passwords shuffled around a bit, with only one new entry, the top five is largely as it has been. This year, "123456" leads the bad password pack, with "123456789" coming in at the number two spot.
- The number three spot is occupied by the password "picture1" which is actually a marked improvement over the first two. Where the first two could be brute force solved in under a second, "picture1" would take about three hours.
- The rest of the top five, "password" and "123456t78" can be cracked in less than a second.
Combine the fact that too many people are using the simplest passwords with the fact that a shocking percentage of users are still, after years of warnings, using the same easy-to-crack password across multiple web properties. That is a recipe for disaster.
Is it any wonder then, that the number of successful data breaches continues to increase year after year? Given that this issue has been going on since at least 2015--and there's no reason to think it wasn't happening well before that, we simply don't have the data to prove it--this is a problem that will not be easily solved.
We have to do something to get our arms around it though, or we're in big trouble. Make sure everyone who works for you is aware of this report.