Recent research highlights a significant issue with passwords: most of them are alarmingly weak. A cybersecurity team analyzed over 19 billion leaked passwords and found that only six percent were unique.
More than a billion were considered strong enough to evade dictionary attacks, while the vast majority were remarkably inadequate. In simple terms, nearly 18 billion passwords were deemed ineffective.
Among the worst offenders, the same strings appear again and again. The passwords *password*, *admin*, and *123456* are infamous, with *123456* appearing a staggering 338 million times.
Additionally, nearly 727 million passwords included the sequence *1234*. This research reveals that many users still rely on easily guessable strings.
Cybernews identified common themes among weak passwords, which typically include names of people, positive words, pop culture references, and common places or items such as countries, cities, brands, and animals. Examples include terms like *love*, *mario*, *rome*, and *texas*, among many others.
Understanding what constitutes a weak password is essential. Generally, it’s any string that can be easily guessed by people or computer programs.
With advanced password-cracking software that utilizes dictionaries and common patterns, traditional passwords are becoming obsolete. To enhance security, it is crucial to create unique, lengthy passwords—ideally at least 12 characters long, incorporating both uppercase and lowercase letters, numbers, and special characters.
However, many unique passwords still fall short because nearly one-third use only lowercase letters and digits. If you haven’t yet transitioned to passkeys, consider doing so, as they offer a far more secure alternative.
If passkeys are not an option, follow these four recommendations: avoid common words, aim for longer passwords, utilize a password manager, and enable two-factor authentication. By taking these steps, you can bolster your online security and leave weak passwords behind.
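The criteria described above (at least 12 characters, all four character classes, no common words or the *1234* sequence) can be checked in code. The following is an added example, not part of the original article or the Cybernews research; the term list contains only the strings quoted in the article, and the substitution table and the function name `audit_password` are assumptions made for illustration.

```python
import re

# Weak strings quoted in the article. Assumption: a real deployment would
# load a full breached-password list instead of this short tuple.
COMMON_TERMS = ("password", "admin", "123456", "1234", "love", "mario", "rome", "texas")
MIN_LENGTH = 12  # the article's suggested minimum length

# Assumed mapping that undoes common character substitutions,
# so "P@ssw0rd" is still recognised as "password".
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "1": "i",
                      "!": "i", "$": "s", "5": "s", "7": "t"})

# The four character classes the article recommends combining.
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "digit": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}


def audit_password(candidate: str) -> list[str]:
    """Return the reasons a candidate fails the criteria (empty list = passes)."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, candidate):
            findings.append(f"no {name}")
    lowered = candidate.lower()
    normalized = lowered.translate(LEET)
    # Check the raw and the de-substituted form: digit runs such as "1234"
    # only survive in the raw form, disguised words only in the normalized one.
    for term in COMMON_TERMS:
        if term in lowered or term in normalized:
            findings.append(f"contains common term '{term}'")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any leak.
    for sample in ("123456", "mario1234", "P@ssw0rd2024!!", "qzxvbnmtr4827", "vK9#tQz2&LmX8!pw"):
        print(f"{sample!r}: {audit_password(sample) or 'passes'}")
```

An empty result only means the candidate clears these specific checks; it says nothing about whether the password has already appeared in a leak.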