Every year, the password manager NordPass publishes a Top 200 of the most used, and therefore most insecure, passwords. Number 1 is “123456” with 2.5 million users, and hackers can crack this password in less than a second (!). The rest of the top 5 consists of “123456789”, “picture1”, “password” and “12345678”. Do not think that the lower-placed “chocolate”, “trustno1”, or “qwerty” give your bank account, website, or email good security, because these passwords can all be cracked within a matter of seconds.
Weak passwords make you an easy target for hackers, while strong passwords are one of the best defences against unauthorised access to your accounts. If your passwords are hard to guess or crack, hackers will give up and target another, more vulnerable mark.
If you are using similar, weak, and therefore easily guessed passwords, it is advisable to change them as soon as possible to complex passwords that are difficult to crack.
Source: Nordpass.com
How a hacker retrieves passwords.
How often does it happen in movies that someone has to guess the correct password for a computer or account? He only has three guesses, and the clock is ticking. Once or twice, he guesses wrong, the tension rises, and eventually he enters the correct password and is in!
Well, that’s not how it works when a hacker gains access to your PayPal account or email. It is not a matter of guessing, and unless you are famous or rich, the attack is not directed at you personally.
When hackers try to retrieve passwords, they don’t do so by entering them in a password field and hoping they will guess the correct password. Instead, they have access to software programs and databases to help them identify credentials that might work.
Most of the passwords hackers have access to are stolen during major data breaches from popular online services. All this data is collected in large databases that hackers use with software (or “bots”) to automatically test each username and password combination in the database to see if it has been used on other websites.
Or, if a hacker knows an email address for a user’s account, they try known passwords (such as “123456” and “abc123”) to see if they work with that specific email address. Again, bots run these tests, and only when a match is found will a hacker use the valid credentials to take over the account.
How to keep hackers out of your accounts?
Never use the same password more than once.
That way, a compromised password won’t automatically give a hacker access to your other online accounts.
Use strong passwords.
With a password manager, you can generate strong and unique passwords so you don’t have to come up with them yourself. A password like “c0aM94f% fBcEtGPj” is, of course, impossible to remember. Fortunately, the password manager stores it securely for you and automatically fills in the credentials when you want to log in to the account again.
A strong password is:
- Long: Minimum 12 characters
- Unique: Use a different password for each account
- Fictional: Do not use existing words
- Mixed: Alternate uppercase, lowercase, numbers, and symbols
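The four criteria above can be checked mechanically. The Python below is an added example, not code from the original article or from any password manager: it tests a password against each criterion and generates one that passes. The function names, the symbol set, and the use of the article's own listed passwords as a stand-in for a real dictionary are assumptions.

```python
import secrets
import string

# Deny-list: only the passwords the article names; a real check would use a
# full breached-password list and dictionary (assumption of this example).
COMMON = {"123456", "123456789", "picture1", "password", "12345678",
          "chocolate", "trustno1", "qwerty", "abc123"}
SYMBOLS = "!#$%&*+-=?@^_"  # assumed symbol set; adjust to what a site accepts
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def check(password, already_used=()):
    """Return the article's criteria that the password fails, in list order."""
    failed = []
    if len(password) < 12:
        failed.append("long")
    if password in already_used:
        failed.append("unique")
    if any(word in password.lower() for word in COMMON):
        failed.append("fictional")
    has = lambda pred: any(pred(c) for c in password)
    if not (has(str.islower) and has(str.isupper) and has(str.isdigit)
            and has(lambda c: not c.isalnum())):
        failed.append("mixed")
    return failed


def generate(length=16, already_used=()):
    """Draw random passwords from the OS CSPRNG until one passes every check."""
    if length < 12:
        raise ValueError("the article's minimum length is 12 characters")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not check(candidate, already_used):
            return candidate


if __name__ == "__main__":
    for pw in ("123456", "trustno1", "Chocolate2024!"):
        print(f"{pw!r:20} fails: {check(pw)}")
    print("generated:", generate())
```

Note that “Chocolate2024!” is long and mixed yet still fails, because it is built on a word from the common-password list.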
There are several password managers out there online, but I’ve been using LastPass myself for years. All of my passwords are protected by a master password that is long, unique, fictional, and mixed, and that is not stored anywhere except for an old-fashioned post-it on my desk. LastPass is free and easy to install and use.