People are still using the most basic of internet passwords that can be easily cracked, according to a database analysis by password manager NordPass.
Its list of the 200 most common passwords for online accounts in 2020 was released after a review of nearly 275.7 million passwords.
Coming in first was “123456,” used by 2.5 million people, after landing in second place last year. NordPass said it has been breached more than 23.5 million times.
The data shows many people stubbornly cling to using weak passwords, even though they’re the worst in terms of security.
For example, the slightly shorter password “12345” was in first place last year but was still considered acceptable to more than 188,000 users to take eighth place on this year’s list. Both variations of the number sequence could be cracked in less than a second.
NordPass said fewer than half of the passwords (78 of them) are new to the 2020 list.
The research shows people use simple and easy-to-remember passwords due to convenience. They also like categories, such as swear words, numbers, names and food.
Numbers and more numbers
A string of numbers beginning with “1” — with users merely adding numbers to the sequence — accounted for five of the 10 most popular, or “worst,” passwords.
Also in the top 10 was “111111,” the sixth most commonly used password in the analysis, up from 17th spot last year. The number “123123” was in seventh place, up from 18th place.
As for words, a new password, “picture1” joined the list of common passwords, ending up in third place. In fourth place was “password.” In the 10th spot was “senha,” which is new to the list and means password in Portuguese.
The password “1234567” was next in line, followed in 12th place by the ever-popular qwerty, named for the first six letters on the keyboard starting from the left and on the top row.
The top 10 passwords could be cracked in 10 seconds or less, while “picture1” could be cracked in three hours. NordPass didn’t explain how it did the analysis. CBC News has reached out to NordPass asking about its methodology.
Here are the top 15 passwords, with the full list here:
NordPass said if you’re not using a password manager, you should create a unique one for each account and make them long — don’t settle for anything shorter than 12 characters, and use a mix of upper- and lowercase letters, numbers and symbols. It said you should change your passwords at least every 90 days.