If your password is in this list, you’re an easy hacking target
Dom DiFurio
•
Aug 19, 2022
Have you ever used “123456” as a password for one of your online accounts? You might as well not have any password at all.
Today, cybercriminals are obtaining more stolen usernames and passwords than ever before. In fact, 2021 was a record year for data breaches. Almost 190 million people were victims in roughly 1,800 data breaches last year, according to the latest annual report from the Identity Theft Resource Center. Unsure if your credentials have ever been exposed in one of the latest data breaches? This website provides a free tool that tells you which of your accounts have been compromised, and all you need to do is enter your email address.
Twingate analyzed a list of the 200 most common passwords in 2020, compiled by SecLists—a project maintained by Daniel Miessler, Jason Haddix, and g0tmi1k. The passwords were compiled from popular lists in the security testing world.
A sizable number of the most common passwords contained nouns and many included proper nouns like names of people (Nicole, Matthew) and intellectual properties (Pokémon, Star Wars), as well as regular nouns (princess, monkey, baseball). If the password contained at least three consecutive characters that are adjacent on a standard U.S. keyboard (qwerty, 1234, 159753) they were counted as having a keyboard pattern. None of the most common passwords analyzed by Twingate included any symbols or special characters.
Increasingly, bad actors can access wide swaths of Americans’ private information by performing what’s known as “credential stuffing.” Credential stuffing happens when cybercriminals buy or reuse lists of commonly used and stolen passwords and stuff them into the login fields of websites.
Credential stuffing poses a considerable risk to both businesses and consumers because of the sheer number of Americans who reuse passwords for multiple accounts. Around 65% of U.S. adults admitted to using the same passwords across at least some—if not all—websites they use, according to a 2018 Google survey conducted by The Harris Poll.
Tech companies including Apple are developing technology that experts say could be more secure and convenient than traditional passwords. They rely on your biometric data, meaning fingerprints and facial recognition.
Until more secure measures are implemented, password managers like 1Password or LastPass are an effective way to prevent these types of attacks, but passphrases are another good alternative. A passphrase is essentially a sentence. The FBI recommends using passphrases because longer passwords take longer for criminals to crack than complex ones (for example, those that include numbers and special characters).
Canva
The most common passwords use only letters or numbers
Passwords containing only letters: 90 (45% of top 200 passwords)
Only numbers: 56 (28%)
Both letters and numbers: 54 (27%)
Securing Kubernetes API: How to Secure Your Kubernetes API with Twingate
Thomas Andreas // Shutterstock
Many of the most common passwords contain nouns
Passwords containing nouns: 79 (40% of top 200 passwords)
Prostock-studio // Shutterstock
Keyboard patterns were another common trend
Passwords containing keyboard patterns: 77 (39% of top 200 passwords)
AWS Client VPN: How to implement a Simple Alternative to AWS Client VPN
Waniza // Shutterstock
While less common, multiple passwords contained the word “password”
Passwords containing “password”: 4 (2% of top 200 passwords)
fizkes // Shutterstock
If your password is in this list, you’re an easy hacking target
123456
123456789
picture1
password
12345678
111111
123123
12345
1234567890
senha
1234567
qwerty
abc123
Million2
000000
1234
iloveyou
aaron431
password1
qqww1122
Secure Remote Access to your Raspberry Pi: Simple, Secure & Free Remote Access to your Raspberry Pi + Home Assistant
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
If your password is in this list, you’re an easy hacking target
Dom DiFurio
•
Aug 19, 2022
Have you ever used “123456” as a password for one of your online accounts? You might as well not have any password at all.
Today, cybercriminals are obtaining more stolen usernames and passwords than ever before. In fact, 2021 was a record year for data breaches. Almost 190 million people were victims in roughly 1,800 data breaches last year, according to the latest annual report from the Identity Theft Resource Center. Unsure if your credentials have ever been exposed in one of the latest data breaches? This website provides a free tool that tells you which of your accounts have been compromised, and all you need to do is enter your email address.
Twingate analyzed a list of the 200 most common passwords in 2020, compiled by SecLists—a project maintained by Daniel Miessler, Jason Haddix, and g0tmi1k. The passwords were compiled from popular lists in the security testing world.
A sizable number of the most common passwords contained nouns and many included proper nouns like names of people (Nicole, Matthew) and intellectual properties (Pokémon, Star Wars), as well as regular nouns (princess, monkey, baseball). If the password contained at least three consecutive characters that are adjacent on a standard U.S. keyboard (qwerty, 1234, 159753) they were counted as having a keyboard pattern. None of the most common passwords analyzed by Twingate included any symbols or special characters.
Increasingly, bad actors can access wide swaths of Americans’ private information by performing what’s known as “credential stuffing.” Credential stuffing happens when cybercriminals buy or reuse lists of commonly used and stolen passwords and stuff them into the login fields of websites.
Credential stuffing poses a considerable risk to both businesses and consumers because of the sheer number of Americans who reuse passwords for multiple accounts. Around 65% of U.S. adults admitted to using the same passwords across at least some—if not all—websites they use, according to a 2018 Google survey conducted by The Harris Poll.
Tech companies including Apple are developing technology that experts say could be more secure and convenient than traditional passwords. They rely on your biometric data, meaning fingerprints and facial recognition.
Until more secure measures are implemented, password managers like 1Password or LastPass are an effective way to prevent these types of attacks, but passphrases are another good alternative. A passphrase is essentially a sentence. The FBI recommends using passphrases because longer passwords take longer for criminals to crack than complex ones (for example, those that include numbers and special characters).
Canva
The most common passwords use only letters or numbers
Passwords containing only letters: 90 (45% of top 200 passwords)
Only numbers: 56 (28%)
Both letters and numbers: 54 (27%)
Securing Kubernetes API: How to Secure Your Kubernetes API with Twingate
Thomas Andreas // Shutterstock
Many of the most common passwords contain nouns
Passwords containing nouns: 79 (40% of top 200 passwords)
Prostock-studio // Shutterstock
Keyboard patterns were another common trend
Passwords containing keyboard patterns: 77 (39% of top 200 passwords)
AWS Client VPN: How to implement a Simple Alternative to AWS Client VPN
Waniza // Shutterstock
While less common, multiple passwords contained the word “password”
Passwords containing “password”: 4 (2% of top 200 passwords)
fizkes // Shutterstock
If your password is in this list, you’re an easy hacking target
123456
123456789
picture1
password
12345678
111111
123123
12345
1234567890
senha
1234567
qwerty
abc123
Million2
000000
1234
iloveyou
aaron431
password1
qqww1122
Secure Remote Access to your Raspberry Pi: Simple, Secure & Free Remote Access to your Raspberry Pi + Home Assistant
If your password is in this list, you’re an easy hacking target
Dom DiFurio
•
Aug 19, 2022
Have you ever used “123456” as a password for one of your online accounts? You might as well not have any password at all.
Today, cybercriminals are obtaining more stolen usernames and passwords than ever before. In fact, 2021 was a record year for data breaches. Almost 190 million people were victims in roughly 1,800 data breaches last year, according to the latest annual report from the Identity Theft Resource Center. Unsure if your credentials have ever been exposed in one of the latest data breaches? This website provides a free tool that tells you which of your accounts have been compromised, and all you need to do is enter your email address.
Twingate analyzed a list of the 200 most common passwords in 2020, compiled by SecLists—a project maintained by Daniel Miessler, Jason Haddix, and g0tmi1k. The passwords were compiled from popular lists in the security testing world.
A sizable number of the most common passwords contained nouns and many included proper nouns like names of people (Nicole, Matthew) and intellectual properties (Pokémon, Star Wars), as well as regular nouns (princess, monkey, baseball). If the password contained at least three consecutive characters that are adjacent on a standard U.S. keyboard (qwerty, 1234, 159753) they were counted as having a keyboard pattern. None of the most common passwords analyzed by Twingate included any symbols or special characters.
Increasingly, bad actors can access wide swaths of Americans’ private information by performing what’s known as “credential stuffing.” Credential stuffing happens when cybercriminals buy or reuse lists of commonly used and stolen passwords and stuff them into the login fields of websites.
Credential stuffing poses a considerable risk to both businesses and consumers because of the sheer number of Americans who reuse passwords for multiple accounts. Around 65% of U.S. adults admitted to using the same passwords across at least some—if not all—websites they use, according to a 2018 Google survey conducted by The Harris Poll.
Tech companies including Apple are developing technology that experts say could be more secure and convenient than traditional passwords. They rely on your biometric data, meaning fingerprints and facial recognition.
Until more secure measures are implemented, password managers like 1Password or LastPass are an effective way to prevent these types of attacks, but passphrases are another good alternative. A passphrase is essentially a sentence. The FBI recommends using passphrases because longer passwords take longer for criminals to crack than complex ones (for example, those that include numbers and special characters).
Canva
The most common passwords use only letters or numbers
Passwords containing only letters: 90 (45% of top 200 passwords)
Only numbers: 56 (28%)
Both letters and numbers: 54 (27%)
Securing Kubernetes API: How to Secure Your Kubernetes API with Twingate
Thomas Andreas // Shutterstock
Many of the most common passwords contain nouns
Passwords containing nouns: 79 (40% of top 200 passwords)
Prostock-studio // Shutterstock
Keyboard patterns were another common trend
Passwords containing keyboard patterns: 77 (39% of top 200 passwords)
AWS Client VPN: How to implement a Simple Alternative to AWS Client VPN
Waniza // Shutterstock
While less common, multiple passwords contained the word “password”
Passwords containing “password”: 4 (2% of top 200 passwords)
fizkes // Shutterstock
If your password is in this list, you’re an easy hacking target
123456
123456789
picture1
password
12345678
111111
123123
12345
1234567890
senha
1234567
qwerty
abc123
Million2
000000
1234
iloveyou
aaron431
password1
qqww1122
Secure Remote Access to your Raspberry Pi: Simple, Secure & Free Remote Access to your Raspberry Pi + Home Assistant
Rapidly implement a modern Zero Trust network that is more secure and maintainable than VPNs.
Solutions
The VPN replacement your workforce will love.
Solutions
Solutions