
Ranking of the worst passwords of 2022: check which ones you are using

Today, passwords remain the most popular way to access dozens of accounts, from streaming services and online banking to email and social networks. Even though these accounts store bank card data and other personal information, users continue to choose passwords that are easy to remember. This is confirmed by the results of a study by NordPass, which published a ranking of the most common combinations for 2022.

In a 3 TB database of passwords that leaked online through security incidents, the most popular phrase in 30 countries was “password,” with nearly five million matches. In second place was “123456,” followed by the slightly longer “123456789.” The phrases “guest” and “qwerty” round out the top five. Most of them can be cracked in less than a second.

A weak password contributes to theft and the loss of valuable information. ESET.

Besides these simple options, researchers see users take the same approaches to choosing combinations every year. In particular, users often pick the names of sports teams, brands, movies, cars, video games and dishes, as well as swear words and the names of musical artists. For example, the name of the jewelry brand “Tiffany” was used nearly 14.8 million times, the music group “U2” more than 33 million times, and the film “Leon” 6.4 million times.

Moreover, reusing passwords or sharing them with someone makes it easier for potential hackers to break in. Even more dangerous is using the same password for both personal and corporate accounts. This also exposes the employer to risk if hackers manage to steal important corporate information as a result.

What is the danger of using a password from a list?

According to the June 2022 report, 24 billion usernames and passwords are listed on cybercriminal online markets – that’s almost four for every person on the planet.

Criminals use various methods to steal login data:

Phishing. The scammer contacts the victim by email, text message, or phone call, impersonating a representative of a specific organization. As a rule, attackers come up with a reason why the user needs to log in again using a password.
Password guessing. With the help of automated tools, hackers can now make numerous attempts to break into accounts. Often, they enter typical password phrases to find matches.
Brute-force attack using previously stolen passwords. Here, hackers use automated scripts to search for matches across different websites and applications at the same time.
Keyloggers. Information-stealing malware is sometimes spread through phishing emails or malicious applications hosted in app stores. Once on the device, such threats secretly record what the victim types.
Shoulder surfing. Outsiders simply watch as combinations are entered in public places.

Once they gain access to your account, hackers can steal any personal data, including credit card information. The cost of fraudulent payment card transactions exceeded 32 billion USD in 2021 and is projected to grow to 38.5 billion USD by 2027.

What to do if you find your combination in the list?

To protect personal and financial information, start by checking and changing your existing combinations. You should also rethink how you choose and use passwords in the future. These tips from ESET specialists will come in handy:

Always choose passwords that are sufficiently complex and unique for each account – this will make it harder for hackers to break them. Avoid reusing passwords, as it makes it easier for attackers to hack all your accounts if one combination is compromised.
Do not share your login details with anyone, as others may unintentionally ignore cybersecurity rules and put you at risk.
Delete all unnecessary accounts, as they may pose a threat.
Use a password manager and generator. This tool will automatically suggest and save strong, unique passwords for each profile. All you need to remember is the login information for the program itself.
Regularly check the reliability of credentials and update weak or outdated ones.
Add multi-factor authentication – most accounts now have this option. It provides an additional layer of protection by requiring extra verification upon entry, such as facial recognition or fingerprint scanning, as well as a one-time code.
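
One way to carry out the "regularly check" and "avoid reusing" tips above, as an added example (not code from NordPass or ESET): a small Python audit that flags passwords from the ranking, lightly decorated variants of them, keyboard sequences, and reuse across accounts. The word list holds only entries quoted in this article, and the account names and passwords in `SAMPLE` are constructed.

```python
import re
from collections import defaultdict

# Only the entries quoted in the article; a real check loads a full leaked list.
WEAK_BASES = {"password", "123456", "123456789", "guest", "qwerty",
              "tiffany", "leon"}
KEY_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
LEET = str.maketrans("0134578@$", "oleastbas")
# Constructed sample input: account names and passwords are made up.
SAMPLE = {"mail": "Qwerty", "bank": "Qwerty", "forum": "plum-kettle-orbit-42"}


def base_word(password):
    """Undo common decoration: case, trailing digits/symbols, character swaps."""
    core = re.sub(r"[\d\W_]+$", "", password.lower())
    return core.translate(LEET)


def is_key_run(password):
    """True for 4+ characters taken in order (or reverse) from one keyboard row."""
    p = password.lower()
    return len(p) >= 4 and any(p in row or p[::-1] in row for row in KEY_RUNS)


def weaknesses(password):
    """Return the reasons a password should be replaced (empty list = none found)."""
    found = []
    if password.lower() in WEAK_BASES:
        found.append("on common-password list")
    elif base_word(password) in WEAK_BASES:
        found.append("common word with simple decoration")
    if is_key_run(password):
        found.append("keyboard or digit sequence")
    return found


def audit(accounts):
    """Map each account name to its findings, including reuse across accounts."""
    users = defaultdict(list)
    for account, password in accounts.items():
        users[password].append(account)
    report = {}
    for account, password in accounts.items():
        others = sorted(a for a in users[password] if a != account)
        reuse = ["reused on: " + ", ".join(others)] if others else []
        report[account] = weaknesses(password) + reuse
    return report
```

`audit(SAMPLE)` returns a list of findings per account; an empty list means none of these checks fired, not that the password is strong.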
