Dec 16, 2021
For modern people, passwords are one of the most important tools for protecting personal information.
You need a password for your bank card, to log in to your App, to unlock your phone, even to back home.
There are more and more passwords. However, it’s hard to remember such a lot of passwords. So many people would like to set the password all simple and easy to remember. Although it brings risk, it is easier with other verification means.
NordPass now releases a list of the most commonly used passwords in the world in 2021. You can see if your password is on the list. If so, be careful. You are very likely to be accidentally "stolen number"!
Some passwords may be so "classic" that a lot of people still use them.
For example, 123456, an internationally used password, is still used by 103 million people, far surpassing other passwords and becoming the password used by the most people in 2021.
By the way, 123456 is also the most popular password in 2020, and unless 6-digit passwords are mandatory, it's unlikely to lose its position.
The second one is 123456789, which has 3 more digits than 123456. Maybe the website requires a password of more than 8 digits, so a few digits are added.
The third one is still the digital password, and is even simpler, 12345. It can be seen that people really do not like to remember the password, so it is set as simple as possible.
The fourth to the tenth will not be mentioned here, which are all combinations of pure numbers or pure English letters as long as they are easy to remember.
There are only two passwords composed of English letters in the top ten, namely “qwerty” and “password”. Many people know the latter, but what does “qwerty” mean?
In fact, it really doesn’t make much sense. Looking at the first line of the keyboard, they are just the first 6 letters from left to right...
In addition to a summary of commonly used passwords and the number of users, this list has one more data-TIME TO CRACK IT.
That is the time it takes to crack this password. The average cracking time of the top 50 on this list is no more than one second. It can be said that this kind of password is set in vain.
Over the years, a large number of website passwords have been cracked, and the method used by hackers is credential stuffing attack, which sounds professional, but is actually very simple.
The hacker collects the leaked user account and password, generates the corresponding table, and then logs in to other websites in batches.
Because a large number of users use the same passwords on various websites, this method has been proved effective every time!
How should can we protect our password security under this condition?
In spite of this, as long as the password combination is complex enough, the probability of being cracked will be greatly reduced.
For example, it takes more than an hour to crack some passwords in the list such as 1g2w3e4r, gwerty123, and zag12wsx. The longer the cracking time is, the lower the risk will be.
As for the password setting, do not be lazy. It is of high risk to use the same password on all websites. Of course, it is difficult to remember if all the passwords are different. Let me share some tips.
For example, use this form: fixed prefix + account attributes + website abbreviations + fixed suffix.
The two fixed parts can be your birthday, or your name, and the middle part changes according to websites and attributes.
Commonly used website attributes can be expressed by symbols, such as “#”, and other less commonly used ones by “&''”.
Then just add the abbreviation of the website.
Although it is more complicated, it is not difficult to remember. More importantly, security is greatly improved.
Finally, the mobile phone number is the ultimate bastion of account security, which must be well kept. Once the phone number is fraudulently used by others, no matter how complex the password is, it is useless. Others can change all the passwords with verification codes.