You might be thinking that you're not interesting enough to hack, or that you have great passwords that cyber criminals aren't going to get the better of. Well, you might want to think again.
Payment firm Dojo’s new “most hacked passwords list” for 2023 reveals a suite of insights that could have you questioning the way you come up with (and manage) passwords.
The firm’s study reveals the most popular password pattern uses all lowercase letters, more than 1.5 million passwords were eight characters or less, terms of endearment are the most common password category, and 29% of passwords use 12 characters or less. Furthermore, passwords that use these patterns tend to be easily cracked through guesswork, with the likes of “london89,” which follows a simple and common pattern of six letters and two numbers being cracked in 3.01 seconds.
Through a variety of techniques, such as brute-forcing passwords, ‘Dictionary’ attacks that use common words and phrases, to phishing and malware, hackers can bypass weak passwords, especially those that follow common patterns.
“It’s important to note that hackers are most likely aware of these popular patterns and passwords, making them even quicker to hack. Combined with public social media profiles or personal information that’s been made available online (think birthdays, favourite holidays, pet names), hackers have the potential to gather enough information to make educated password guesses,” Dojo’s report explained.
”So, if you’re wanting to create a new password, try to make it more than 12 characters long, contain a capital letter or special characters and don't relate to any memorable events or personal details.”
You may be thinking that you use a long password and don’t just use lowercase characters, but even then there are things to beware of if you want to keep hackers at bay.
Nicknames for passwords, TV show characters, colors, fashion brands, movies, video game characters and swear words are in the top 20 most commonly hacked password categories, So it’s worth being aware of how those could affect your password security.
And if you're open about what movies, games, brands and more you like on social media, you might want to look at the password you use, especially for anything containing sensitive or financial information, and make sure they are decently strong.
How to make sure your passwords are protected
Dojo has some handy advice on what to do and what to not do whant it comes to having a storng password.
Do's:
- Use a mix of special characters, numbers and capital letters. Including a range of upper and lower-case letters, as well as numbers and symbols (such as $ £ !) this makes passwords more secure and harder to hack.
- Aim for a long password with a minimum of 8-12 characters. The longer the password, the better. Longer passwords require more time to work out combinations and hackers looking for a quick win may be deterred.
- Use multi-factor authentication. Two-factor authentication requires hackers to get through two layers of security checks before they can get onto your account.
- Use a password manager. When creating multiple unique passwords, it can be tricky to remember them all. Instead of writing passwords down or on your phone’s notes, there are secure apps and websites where you can safely store these passwords instead.
- Change your passwords. If you have any concerns that a password has been compromised be sure to change the password to reduce the risk of your accounts being compromised.
Don'ts:
- Don’t use personal information in your passwords. Stay away from using any type of personal information in your passwords, such as a name, date of birth, or your pet’s name. This information can easily be discovered by hackers from social media profiles or even public conversations.
- Don’t use obvious sequences of letters or numbers. Avoid using numbers and letters in common sequences such as 1234 or qwerty. These generic formats and memorable keyboard paths are the first to be guessed by hackers.
- Don’t tell anyone your password. If you were to share a password, make sure to change it soon after.
- Don’t automatically save passwords to your browser. It may be very convenient, but allowing your browser to save passwords risks your details being viewed by other people that use your devices.
- Don’t use the same password across multiple accounts. It’s important to not reuse passwords. If one account was to be hacked it could result in exposing other accounts to be breached with the same password.
Some of these tips might sound obvious, while others may have passed you by. Our advice is to be savvy with how you manage your passwords.
We know it can be a nightmare to try and remember what passwords you have for what accounts, especially as there’s no shortage of services to sign up for these days. So we’d echo Dojo’s advice on using a password manager; check out our guide on the best password managers.
Equally, it’s worth freshening up on your cyber security knowledge and best practices. For example, if you share a device with another person, you may want to create separate accounts for it and make sure you're signed out of services you don’t want them using.
And do be aware of phishing scams, as they are getting ever more sophisticated to the extent that even seasoned tech journalists can almost get caught out; the old adage, ‘if it looks too good to be true, it probably is’ is still worth bearing in mind.
Finally, make sure you use good security software, such as the tools found on our best antivirus software and best internet security suites lists.
More from Tom's Guide
