Make sure to avoid these categories when picking a password

midian182

Posts: 8,026   +89
Staff member
Facepalm: It's 2022, a digital age where much of the world works from home, so one would imagine that comically bad passwords have been consigned to the history books. Sadly, that’s not the case, as yet another study has shown that people keep getting hacked due to their poor choice of credentials.

Card payments company Dojo analyzed data from the UK's National Cyber Security Centre (NCSC) on 100,000 passwords to come up with a list of the most commonly-used categories people look to when picking a password. Victims tend to use variations of the same password, often with a few other easily guessable characters, e.g. Love123456.

The most popular category was terms of endearment, found in 4,032 of the most commonly hacked passwords. So even if you are someone’s Love (1,492 hacks), Baby (417), or Angel (330), maybe don’t incorporate that term into your password.

Next up are names. While using your own name might be an easy way to remember a password, it’s certainly not a good idea, hence the 3,913 hacks found in this category. Sam was the most popular/worst offender (313 hacks).

Rank | Category | Total of breached passwords that include the top 20 words/phrases in that category*
1 | Pet names/terms of endearment | 4,032
2 | Names | 3,913
3 | Animals | 2,112
4 | Emotions | 1,917
5 | Food | 1,662
6 | Colours | 1,450
7 | Swear words | 1,268
8 | Actions | 991
9 | Family Members | 723
10 | Car Brands | 606
11 | Cities | 505
12 | Brands | 477
13 | Countries | 463
14 | Sports | 457
15 | Religions | 341
16 | Hobbies | 314
17 | Weather | 313
18 | Drinks | 268
19 | Social media platforms | 253
20 | Star Signs | 204

Next is animals, which covers Dog (354) and Cat (265) rather than actual pet names. Further down the list, we see the usual suspects: emotions, food, colors, family members, and brands (Apple, LinkedIn, and Google are named). It’s refreshing to see that swear words are pretty popular, taking seventh spot in the table.

Social media platforms are at 19th, though anyone who uses “Facebook” as their Facebook password deserves to be hacked. They’re followed by star signs in twentieth place.

The report also looked at the most commonly hacked passwords with the most users. As we’ve seen countless times before, 123456 remains number one, with an incredible 23.2 million users. That’s followed by 123456789 (7.7 million users), Qwerty (3.8 million), Password (3.6 million), and 1111111 (3.1 million).

One of the best ways to avoid password-based hacks is to use a dedicated password manager, where all you have to remember is the master password—just don’t use 123465. Some of our favorites can be found in this Essential Apps feature.

Permalink to story.
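The pattern the article describes (a common base word plus easily guessable characters, e.g. Love123456) can be screened for when a password is set. The following is an added example, not code from the article, Dojo or the NCSC; the word list holds only the words the article names, and the look-alike table and function names are assumptions made for illustration.

```python
import re
from typing import Optional

# Only the base words the article names; the full Dojo/NCSC list is not on the page.
ARTICLE_WORDS = ["love", "baby", "angel", "sam", "dog", "cat", "apple",
                 "linkedin", "google", "facebook", "qwerty", "password"]
# Matches a core made entirely of one or more listed words ("love", "dogcat").
WORD_RUN = re.compile("(?:" + "|".join(map(re.escape, ARTICLE_WORDS)) + ")+")
# Assumption: a small look-alike table chosen for this example.
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                            "5": "s", "7": "t", "@": "a", "$": "s"})


def core_word(password: str) -> str:
    """Drop digit/symbol padding at both ends, lowercase, undo look-alikes."""
    trimmed = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    return trimmed.lower().translate(LOOKALIKES)


def check(password: str) -> Optional[str]:
    """Return a rejection reason, or None when no rule here matches.

    None only means "not caught by these rules", not "strong".
    """
    if not re.search(r"[A-Za-z]", password):
        return "digits/symbols only, like the top breached entries"
    core = core_word(password)
    if WORD_RUN.fullmatch(core):
        return f"common base word(s) plus guessable padding: {core!r}"
    return None


if __name__ == "__main__":
    # Constructed samples; the first five appear in the article or thread.
    for pw in ["Love123456", "123456", "Qwerty", "Facebook",
               "sa9n<cvOv~>;", "B4by2022", "DogCat99", "P@ssw0rd!"]:
        print(f"{pw!r:16} -> {check(pw) or 'no rule matched'}")
```

A production check would swap the short list for a full breached-password corpus; the normalisation step is what catches the padded variants.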

 

bviktor

Posts: 907   +1,325
Let go of passwords. Remember only 2 passwords: one for your email address, and one for your password manager. That's how I roll, all my passwords are 32-character generated ones.

Bitwarden is free, works in all major browsers, and on mobile too. There's no excuse not to use it.
 

m4a4

Posts: 2,942   +3,800
TechSpot Elite
This was my previous password for TechSpot:
Code:
sa9n<cvOv~>;
Use passwords like that, people!
https://xkcd.com/936/

 

amoeba00

Posts: 75   +30
TechSpot Elite
*sigh - sadly, too many people will think that means using "correct horse battery staple" at all the sites will protect them.

That really needs to be updated to reflect a better practice of using a password similar to "correct horse battery staple" on a password manager (and nowhere else) to protect those unique randomized passwords generated for all the other websites.

 

Old Molases

Posts: 199   +41
Using a password manager can be of help here. You don't need to remember the password, plus it gives you a password which is nearly impossible to crack.
 

m4a4

Posts: 2,942   +3,800
TechSpot Elite
Those 4 random words are much easier to guess using a dictionary hacking technique. The first option is much harder since it does not contain any words found in a dictionary.

Basically that comic is wrong.
You missed the point. The length of the password matters more for bruteforcing it, and there's no point using gibberish if you're not going to remember the password.

For basic users, a passphrase serves them better.

And if you really need security from a dictionary attack, add a special character or 2 outside of the words. Or use more words lol