If you use any of these passwords you need to change them now — here’s why

Passwords written down in a notebook
(Image credit: Shutterstock)

Using strong and unique passwords for each of your online accounts is highly recommended as it can prevent them from being hacked. However, even though most people are aware of this, many are still using weak passwords despite the security risk of doing so.

According to a new blog post from Cybernews, the incredibly simple “123456,” “12345” and “password” are some of the most used passwords today. Although these passwords are easy to remember, using one of them can put your accounts as well as your sensitive data at risk online.

The news outlet’s research team examined 56 million breached and leaked passwords from this year to find the weakest ones. Besides commonly used passwords like “123456” and “password,” they also found that many people use cities, animals, celebrity names, sports teams and even swear words in their passwords to make them easier to remember.

When it came to swear words, a** was used in almost 300,000 passwords while f**k was used in 79,000 passwords. Animals were also quite popular with “ant” used in 273,000 passwords followed by “cat” (122k), “rat” (100k) and “dog” (90k).

While you may want to use a word that’s easy to remember in your passwords, you actually want a password that is at least 12 characters long with a combination of letters, numbers and symbols. Of the 56 million passwords examined by Cybernews, only four percent were 12 characters long while only 28 million or around half were unique.

Weak passwords to avoid

If you're using any one of these passwords, you need to change them right now to avoid having your online accounts hacked. Instead, you should be using strong, complex and unique passwords for every site, service and app and we have more details on how you can do that below.

  • password
  • 123456
  • 123456789
  • guest
  • qwerty
  • 12345678
  • 111111
  • 12345
  • col123456
  • 123123

Seconds to crack

A hacker typing quickly on a keyboard

(Image credit: Shutterstock)

The main reason you want to use strong, complex and unique passwords is that they will be harder to crack by hackers. 

Even if you are as careful as possible, your passwords can still be leaked online after a business suffers a data breach. When this happens, your passwords will be hashed or scrambled and not stored in plain text. However, unlike with encryption, hashing gives the same results for the same word or string. For instance, if you use the word “cat” in your passwords, it will almost always be hashed the same way which allows hackers to crack your password more easily.

In a separate blog post detailing the top 200 most common passwords, NordPass found that “password,” “123456,” and “123456789” were the most popular passwords after looking through a 3 TB database. However, the firm's security researchers took things a step further by also including how long each of these weak passwords would take to crack.

Password, 123456, 123456789, qwerty and other passwords on their list can all be cracked in under one second. On the other end of the spectrum, a more complex password like “D1lakiss” would take hackers three hours to crack even though it was used by over 50,000 people. This password could be improved further by adding a few symbols and breaking up the word “kiss” which would be easily recognizable when hashed.

Why reusing passwords is so dangerous

A pair of hands using a tablet to log into an app.

(Image credit: mama_mia/Shutterstock)

Although you should be using strong and complex passwords instead of weak ones, it’s also important to avoid reusing your passwords across accounts.

Let’s say for instance you came up with a strong password that is still easy to remember and think it might be good enough to be your only password. While this might make sense at first, reusing passwords for different sites and services is one of the most dangerous things you can do. This is because once hackers get the password for one of your online accounts, they often try to see if it works with other services.

Password reuse is still one of the biggest cybersecurity problems around today but you can easily avoid it without spending hours coming up with complex passwords for each of your online accounts. If you do reuse your passwords, then you should drop what you’re doing and go through and change them now before you have your Facebook hacked or even worse, your bank account.

How to create strong, complex passwords for your online accounts

Although we mentioned earlier that you want to use 12 characters including uppercase and lowercase letters, numbers and symbols for your passwords, you don’t actually have to come up with passwords on your own. Instead, you can use a password generator to do this for you.

LastPass Free Password Generator

(Image credit: LastPass)

Fortunately, there are a number of excellent, free password generators available online from companies like 1Password, LastPass, Norton, Avast, Bitwarden and others. If these names sound familiar, that’s because many can be found on our list of the best antivirus software available as well as the best password managers. Sure, these companies want you to buy their paid products but you can use their free password generators to improve your online security for free.

Now that you’ve created strong and unique passwords for each of your online accounts, you’ll need a way to easily remember them. This is where a password manager comes into play. These services can securely store all of your passwords in one place and you can even access them on all of your devices. If you want to give using a password manager a try, there’s actually a free one that’s easy to use available right within Google Chrome. While you don’t want to store your most sensitive passwords – like those for your financial accounts – in your browser, you can use Google Password Manager first to see if a password manager may be for you. Likewise, you can also use a USB security key for two-factor authentication (2FA) for an extra layer of security when logging into your online accounts.

Although Google, Microsoft, Apple and other tech giants are trying to usher in a passwordless future, passwords aren’t going anywhere anytime soon which is why you want to ensure you are using strong and complex passwords as well as unique ones for each of your online accounts.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.