On World Password Day, these are the stupidest passwords - yet 103 million people use them

Published May 5, 2022

Durban - It takes less than one second to hack the most commonly used passwords, a managed service provider in the Middle East and Africa region has warned.

With World Password Day commemorated today, David Lees, co-Founder of IronTree, which offers backup and cybersecurity products, said: “These days, there are numerous ways to create robust passwords, and save them for easy and swift retrieval. Tools like KeyChain Access or software like 1Password, LastPass or Dashlane. Beyond that, you need to LayerUp, adding two-factor authentication (2FA).”

Lees said companies are unaware of the threats posed by malware and ransomware, with cyber-criminals becoming smarter.

“Most need intelligent password management, with frequent editing, but that's basic. You need an expert partner, and not just software, to protect data,” he said.

He said under the new POPIA act, businesses have a legal obligation to protect consumer data, so they will need cybersecurity, backup, disaster recovery for emergencies, private hosting, and POPIA compliance.

According to virtual private network provider NordPass, these were five common passwords in 2021 and how long it takes to crack them:

  • 123456: Less than one second to crack, with 103 million uses counted in a study
  • 123456789: Less than one second to crack, with 46 million uses counted in a study
  • 12345: Less than one second to crack, with 32 million uses counted in a study
  • qwerty: Less than one second to crack, with 22 million uses counted in a study
  • password: Less than one second to crack, with 22 million uses counted in a study

IronTree proposes the following password tips:

  • Create complex and unique passwords.
  • Change them every few weeks, or even months.
  • Use a password manager, which acts as a library for all your credentials and plugs into desktop apps, as well as your browser. Do not use your browser as a password manager, as a hacker can access the cache and exfiltrate your credentials. A password manager can also add multi-factor authentication (MFA) to your credentials.
  • Use multi-factor authentication and enable it on as many accounts as possible. This means you’ll need to verify a login attempt before accessing services. MFA also ensures that if an account is compromised, the hacker won’t be able to access it until the login is authenticated.
  • Don’t use the same password across multiple accounts. If one account is compromised, it might lead to more being hacked.
  • Don’t share personal passwords, and store them securely. You shouldn’t keep your PC’s password on a sticky note stuck to your desk, or write it down in a notebook. This allows anyone to see your password and use it to access your accounts.

The history of passwords, according to National Day Today:

  • 1961: Massachusetts Institute of Technology (MIT) creates the computer password so that multiple people can use a shared computer system.
  • 1971: Public-key cryptography is created so two people can authenticate each other without exchanging a cryptographic key.
  • 1979: Weak Passwords: A study done by Morris and Thompson demonstrates that guessing passwords through personal information is easier than deciphering passwords.
  • 1986: Two-Factor Authentication: Two-Factor Authentication emerges and is adopted.

The Independent on Saturday