The Worst Passwords of 2020 Are Out. Did Yours Make the List?

One study reports that 30 percent of Americans found the process of just resetting a password is as stressful as retiring. Approximately 67 percent of those in the survey said that losing their passwords causes as much anxiety as being fired or changing jobs.

That’s a lot of stress for one person over a line that may not even be longer than eight characters.

It’s human nature to stick to the same old passwords or use the most common passwords so that it is easier to remember. But these are mistakes that could cost you.

Most Common Passwords

NordPass has created a list of the most common passwords of 2020, the number of users that use those passwords, and the time that it takes to crack that password. They also studied the number of times each password had been exposed.

Passwords that are in numerical sequences and start with a “1” are among the most common. If you use the password “123456,” know that it takes less than a second to crack, and that password has already been exposed over 23 million times.

Other common passwords include “picture1, password, 111111”, and the word “qwerty.” “Picture1” is a password that may take up to three hours to hack, but it has already been exposed online over 11,190 times. The word “password” on the other hand takes less than a second to crack and has been exposed 3.7 million times.

Avoid Being Captain Obvious

Learn how to create a strong password by putting the principles of entropy to the test. Entropy is a mathematical predictability model that you don’t need to understand in-depth to leverage with your own passwords and co-op password policies.

It’s a matter of predictability, much like the NordPass list. How often is this password used, and what is the probability that it will be hacked?

Let’s say that you have a password that is one character long, and must be a letter in the English alphabet. That means that it would be either an uppercase or lowercase letter. This will tell your hacker that the password can only be one out of 52 different possibilities.

This is an easy one to hack. So password requirements often include parameters such as minimum lengths, special characters, a combination of upper and lower case letters, some numerical values, and so on. Those requirements are an effort to create entropy.

In a nutshell, avoid being “Captain Obvious” when you are developing passwords. Avoid words you are known to use a lot, numerical sequences, keyboard combinations, and obvious personal items like your home address, phone number, or name.

Do Not Reuse or Recycle

If there is one thing to keep in mind when avoiding bad password creation, it’s repetition. Don’t groan at yourself though, we’ve all done it even though we know we shouldn’t.

This tip, but not the password, bears repeating.

One survey found that approximately 91 percent of respondents know full well that they shouldn’t reuse or recycle passwords, but 59 percent of them did it anyway. That was bad news for 42 percent of companies in 2019 that were breached over password overuse or bad passwords.

Approximately 48 percent of employees in that survey were using the same passwords for both work and personal accounts, figuring that hackers wouldn’t be able to access both. But they do.

In fact, the average human will reuse the same password 14 times in their daily lives.

Avoid reusing and you will be in much better shape.

How to Create a Strong Password

On top of avoiding obvious phrases, there are other steps you can take to ensure your password is a tough one to crack. It’s about creating entropy, which simply means just lowering the predictability of your password.

• The more characters the less predictability.

• Mix it up with upper and lower case characters (but do so in a way you can remember.)

  • Example: WoodenHatBassBroomBullet. It’s not predictable and is easier to remember than something like Jk3s$2@!.

• Use 3 or 4 random objects around your desktop or room that you can easily remember, like, 2CoinsMarkerLaptopNapkin.

• Avoid easily guessed phrases such as “MayTheForceBeWithYou.”

• A good password used responsibly will never expire. But if you err on the side of caution, update your passwords each year.

You can also use Steve Gibson’s Password Haystacks tool to test the strength of your password.

Upgrade Your Security Protocol

Any mention of the concept of avoiding the most common passwords should include a discussion or reflection on the notion of upgrading your security protocol. You can do this without breaking the budget, either. It could be something as simple as installing password managers, or reconceptualizing how you develop your own passwords.

In addition to those methods, take advantage of two-step verification methods in online email systems like Outlook and Gmail at no cost.

Overall, be smart about it. Calling in a cybersecurity expert to beef a few things up can be done rather affordably. Be on top of your co-op’s security protocols when you are trying to find out how to create new passwords. It is as important as locking your door when you leave the house.