Most Commonly Compromised Passwords: In 2022, 54% of SMEs in the UK reported having experienced a cyber-attack, so it’s more crucial than ever to close any security gaps, especially when selecting account passwords. Unfortunately, as more people go online and use cashless payment methods like our contactless card machine or buy now, pay later plans, cybercrime and smishing attacks are growing in frequency.
It’s time to brush up on your password knowledge for 2023. Although we have all been taught to employ memorable information, many of us still rely on familiar information like holidays and pet names. However, having more online presence through social media and open accounts could make it easier for hackers to access your information and figure out what passwords you use.
We thus undertook a survey to identify the most often compromised passwords globally in order to raise your awareness of the need of online password security.
The Reports
Our most-hacked passwords study from last year has been revised for 2023 in order to look further into the most frequently used passwords and how long it takes to hack them.
We were able to look into the most popular password patterns and the average password length by analysing aggregated data from Rockyou21, which has compiled credentials from various sources and lists over six million compromised passwords.
The survey divided the top 25 passwords that were compromised into 25 categories, ranging from astrology to football. In order to help you stay safe online, we can tell the password subjects you should generally avoid by looking at which category had the most passwords compromised.
Key conclusions
• Using only lowercase letters is the most common password pattern.
• More than 1.5 million passwords were no more than eight characters.
• The most popular type of password is one that uses terms of fondness.
• More than 29% of passwords contain only 12 characters.
How to Safely Share Passwords with Family on iOS 17: Secure Password Sharing
Techniques to Hack Passwords
There are five techniques to hack passwords.
Before we continue, let’s take a closer look at some of the most typical password hacking techniques:
1. A Forceful Attempt
Millions of passwords are used every second in a brute force attempt to try and access accounts.
2. Dictionary Attempt
A dictionary attack is a method used by hackers to guess passwords by using widely used words and phrases.
3. Phishing
Phishing is another way passwords get compromised. A victim is preyed upon by an attacker who attempts to trick them into divulging important information, whether through a phoney email, text message, or phone call.
4. Malware
Malware attacks occur when hackers produce harmful software that is downloaded onto a victim’s computer without their knowledge and is then utilised to steal sensitive data.
5. Cracking flimsy passwords
Another frequent tactic used by hackers is guessing weak passwords based on user information obtained from social media. such as your pet’s name or birthday.
List of Most Commonly Compromised Passwords in 2023
- 123456
- password
- 123456789
- 12345
- 12345678
- qwerty
- 1234567
- 111111
- 1234567890
- 123123
- abc123
- 1234
- password1
- iloveyou
- 1q2w3e4r
- 000000
- qwerty123
- zaq12wsx
- dragon
- sunshine
- princess
- letmein
- 654321
- monkey
- 27653
- 1qaz2wsx
- 123321
- qwertyuiop
- superman
- asdfghjkl
Due to finding over 20,000 different patterns, the top password patterns constitute 11.1% of this dataset, which is considerable. If you use one of these most common patterns, it reduces the amount of possible combinations that hackers must try to access your data.
It’s crucial to keep in mind that hackers are probably aware of these well-liked patterns and passwords, which makes them even easier to crack. Hackers may be able to compile enough information from public social media accounts or publicly available personal data (such birthdays, favourite holidays, and pet names) to make educated password guesses. Therefore, if you want to establish a new password, try to make it longer than 12 characters, include a capital letter or other unusual characters, and have nothing to do with your name or any other memorable facts.
