Despite constant warnings that you should create secure passwords, a new study has found that a lot of people are still creating incredibly hackable logins.
Virginia Tech University and security firm Dashlane analyzed over 61 million passwords from online forums and data archives. From this, they compiled lists of the most commonly used passwords and analyzed how people modify their passwords from website to website.
They found that, predictably, people are still using "troubling" and "dangerous" security practices.
"Inevitably, people reuse or slightly modify them, which is a dangerous practice," Dr Wang, one of the lead researchers, said in a blog post on Dashlane's website. "This danger has been amplified by the massive data breaches that have given attackers more effective tools for guessing and hacking passwords."
A common problem is that when people are required to use a combination of numbers and letters, they tend to just walk their fingers around the keyboard.
The result is a list of passwords that is very easy to hack. The top passwords of this genre look like they'd be difficult to hack at first glance, and we're sure you felt very clever when you came up with yours, but they're incredibly common and extremely hackable.
Top "keyboard walking" passwords
"These passwords are all comprised of keys on the left-hand side of standard keyboards. This means users can simply use the pinky or ring finger on their left hand to type their entire password," said Dashlane.
"However convenient this may be, saving a few seconds is not worth the loss of one’s critical financial and/or personal data due to an account hack."
Another pitfall is trying to create passwords that are easy to remember, which leads people to use the name of their favorite band, superhero, or cartoon about creatures being made to fight for the amusement of humans.
The 10 most frequent pop culture passwords
1. superman
2. pokemon
3. slipknot
4. starwars
5. metallica
6. nirvana
7. blink182
8. spiderman
9. greenday
10. rockstar
Our favorite genre of passwords is the "I'm so mad about creating passwords you bet your ass I'm going to choose a swear". The team created a list of the top "love/hate-related" passwords, which includes "fuckyou", "fuckoff" and just plain and simple "asshole".
The 10 most frequent love/hate-related passwords
1. iloveyou
2. fuckyou
3. asshole
4. fuckoff
5. iloveme
6. trustno1
7. beautiful
8. ihateyou
9. bullshit
10. lovelove
And then there are the people who are clearly fed up with being in control of their own accounts and are desperately trying to be hacked. These people choose brands such as "linkedin" or "myspace" as their passwords. We'd place a rather large bet that at some point these have been their logins for MySpace and LinkedIn.
The 10 most frequent brand-related passwords
1. myspace *experienced a major breach in 2016
2. mustang
3. linkedin *experienced a major breach in 2016
4. ferrari
5. playboy
6. mercedes
7. cocacola
8. snickers
9. corvette
10. skittles

If your password appeared on any of these lists, you should change it.
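The "keyboard walking" habit described above can be caught at signup or password-change time. The following is an added example, not code from the study or from Dashlane: it scores how many consecutive characters of a candidate password are neighbouring keys. It assumes a US QWERTY layout; the function names and the 0.7 threshold are illustrative choices.

```python
# Added example: flag "keyboard walk" passwords using QWERTY key adjacency.
# Assumptions: US QWERTY layout, unshifted keys only, illustrative threshold.

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}


def adjacent(a: str, b: str) -> bool:
    """True if a and b are the same key or physical neighbours."""
    if a not in POS or b not in POS:
        return False  # symbols and other unmapped characters never match
    (r1, c1), (r2, c2) = POS[a], POS[b]
    if r1 == r2:
        return abs(c1 - c2) <= 1
    if r1 > r2:  # order the pair so (r1, c1) is the upper key
        (r1, c1), (r2, c2) = (r2, c2), (r1, c1)
    # Rows are staggered: the keys below (r, c) sit at columns c and c - 1.
    return r2 - r1 == 1 and c2 in (c1, c1 - 1)


def walk_ratio(password: str) -> float:
    """Fraction of consecutive character pairs that are adjacent keys."""
    pw = password.lower()
    if len(pw) < 2:
        return 0.0
    hits = sum(adjacent(a, b) for a, b in zip(pw, pw[1:]))
    return hits / (len(pw) - 1)


def is_keyboard_walk(password: str, threshold: float = 0.7) -> bool:
    """Reject candidates that are mostly a trail of neighbouring keys."""
    return len(password) >= 4 and walk_ratio(password) >= threshold


if __name__ == "__main__":
    # The first three samples are constructed walks, not the study's list;
    # "superman" and "blink182" come from the article's pop culture list.
    for pw in ["1qaz2wsx", "qwerty", "zaq1xsw2", "superman", "blink182"]:
        print(f"{pw:10} ratio={walk_ratio(pw):.2f} walk={is_keyboard_walk(pw)}")
```

A check like this only catches the walking pattern; dictionary-style passwords such as those in the lists above still need a separate deny list.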