Passwords have turned into a necessary evil, particularly for people who use dozens or hundreds of apps, websites, and other services. Follow the usual rules and create a strong, complex password for each account, and there’s no way for you to manage them all on your own. Break the rules and use the same weak passwords on all or most of your accounts, and you risk compromise by hackers.
But just how vulnerable are you if you do use weak or popular passwords? New research from password manager Nordpass shows just how quickly a hacker can crack a popular password.
Around 70% of the world’s most popular passwords can be cracked in less than a second, according to Nordpass. The passwords to which the company is referring are 9 of the 10 most popular passwords used in 2019. The following table lists the passwords along with the time it takes to crack them and the number of times they’ve been compromised in data breaches.
Hackers can use a range of tricks to try to obtain passwords used for online accounts. But the most common method is the brute-force attack, which relies on automated tools to do the dirty work. Under this scenario, cybercriminals gain access to certain account information through a data breach. Most websites, at least secure ones, don’t store your passwords in plain text; rather, your passwords are saved using some type of encryption algorithm. In this case, the hackers learn the names, email addresses, street addresses, phone numbers, and other data for each breached account. The password is the one missing element.
To crack your password, hackers might first use a brute-force attack tool to run through all the popular and common passwords. Next, they may scour your other account information for clues to your password. Some cracking tools can modify these details by adding more data such as numbers or special symbols.
Hackers can also translate words into Leetspeak, which converts letters to numbers or special characters. As an example, the word “password” might become “p422W0Rd.” They can also use rainbow tables, which try to match plain-text passwords with their hashed values. Further, hackers will look for more of your breached online accounts to see whether you’ve reused the same password. In the end, the weaker your password, the more vulnerable you are to account compromise.
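A sign-up or password-change form can screen for the same substitutions, padding, and account-detail reuse described above. The following Python check is an added example, not code from Nordpass or the original article; the deny list, the symbol map, and the function names are constructed for illustration.

```python
# Constructed sample deny list; a real deployment would load a large
# breached-password list instead.
COMMON_PASSWORDS = ("123456", "password", "qwerty", "iloveyou", "letmein")

# Leetspeak symbol -> letters it may stand for. Some symbols are ambiguous;
# "2" includes "s" because the article's example writes "password" as "p422W0Rd".
LEET = {
    "0": "o", "1": "il", "2": "sz", "3": "e", "4": "a", "5": "s",
    "7": "t", "8": "b", "9": "g", "@": "a", "$": "s", "!": "i",
}


def leet_equal(candidate, word):
    """True if `candidate` reads as `word` once leetspeak symbols are decoded."""
    if len(candidate) != len(word):
        return False
    return all(
        c == w or w in LEET.get(c, "")
        for c, w in zip(candidate.lower(), word.lower())
    )


def weak_reason(password, account_info=()):
    """Return a short reason the password is weak, or None if no check fires.

    account_info holds details a breach would expose (name, city, and so on).
    """
    pw = password.lower()
    sources = [("common password", w) for w in COMMON_PASSWORDS]
    # Very short tokens would match too much, so skip them (assumed threshold).
    sources += [("account detail", t.lower()) for t in account_info if len(t) >= 4]
    for label, word in sources:
        core, suffix = pw[:len(word)], pw[len(word):]
        # Flag the word itself, leetspeak-encoded or not, optionally padded
        # with trailing digits or symbols such as "2019!".
        if leet_equal(core, word) and not any(ch.isalpha() for ch in suffix):
            return f"{label}: {word}"
    return None


if __name__ == "__main__":
    for sample in ("p422W0Rd", "Qwerty2019!", "correct-horse-battery-staple"):
        print(sample, "->", weak_reason(sample))
```

Matching each deny-list word against the password, rather than expanding the password into every possible reading, keeps the check linear in the size of the list even when the password contains many ambiguous symbols.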
To protect your online accounts and passwords:
Use a password generator.
Go over all your accounts and delete the ones you no longer use.
Use two-factor authentication (2FA).
Regularly check each of your accounts for suspicious activities.