duddy Posted March 21, 2020

The worst passwords of 2019: Did yours make the list?

These passwords may win the popularity contest but lose flat out in security

Year after year, analyses show that millions of people make, to put it mildly, questionable choices when it comes to the passwords they use to protect their accounts. And fresh statistics for the year that is drawing to a close confirm that bad habits do die hard and many people willingly put themselves in the firing line of account-takeover attacks.

Drawing on an analysis of a total of 500 million passwords that were leaked in various data breaches in 2019, NordPass found that ‘12345’, ‘123456’ and ‘123456789’ reigned supreme in order of frequency. Between them, these numerical strings were used to ‘secure’ a total of 6.3 million accounts. It doesn’t get much more optimistic further down the list, however, as these three choices were followed by ‘test1’ and, the one and only, ‘password’.

Somewhat predictably, the chart is overall replete with many usual suspects among the most common passwords – think ‘asdf’, ‘qwerty’, ‘iloveyou’ and various other stalwart choices. Other supremely hackable passwords – including simple numerical strings, common names, and rows of keys – also abound. Much the same picture is painted annually by SplashData’s lists of the most-used passwords, such as last year, the year before that, and so on.

The entire list of the 200 most popular passwords is available in NordPass’ blog post, but here’s at least the top 25. Let that sink in.

Rank  Password
1     12345
2     123456
3     123456789
4     test1
5     password
6     12345678
7     zinch
8     g_czechout
9     asdf
10    qwerty
11    1234567890
12    1234567
13    Aa123456.
14    iloveyou
15    1234
16    abc123
17    111111
18    123123
19    dubsmash
20    test
21    princess
22    qwertyuiop
23    sunshine
24    BvtTest123
25    11111

Eerily familiar?
If you recognize any of the above as your own, then fixing your passwords is almost certainly one of the things that deserve a place on your laundry list of New Year’s resolutions.

For starters, fixing here means not having the exact same idea as millions of other people when you’re signing up to a service and are asked to create your password. One way to go about this is to opt for a passphrase, which, if done right, is generally a tougher nut to crack as well as easier to remember. The latter is especially useful if you don’t use password management software, which, somewhat unsurprisingly, has been shown to benefit both password strength and uniqueness.

Yes, that passphrase should, of course, be unique for each of your online accounts, as recycling your passwords across various services is tantamount to asking for trouble.

You may also want to watch out for password leaks. There are a number of services these days where you can check if your login credentials may have been caught up in a known breach. Some of them even offer you the option to sign up for alerts if your login information is compromised in a breach.

In fact, as ours is an era where login data are compromised by the millions, why settle for one line of defense if you can have two? At the risk of repeating ourselves, two-factor authentication is a highly valuable way to add an additional layer of security to online accounts on top of your password.

Source

frankl1n Posted March 21, 2020

7 minutes ago, duddy said:
> qwertyuiop

I use this a lot for throwaway BS accounts that are not linked with any real info about myself.

If people would just use strong pws then reusing them wouldn't be a huge issue and 2FA would be unnecessary, this is assuming you are not already pwned 👻

ghost Posted March 21, 2020

Why is the worst password of 2019 list the same as 2018 and the year before that? The list is the same whether it's 1999, 2009, or 2019.

Threepwood Posted March 21, 2020

"Every once in a while someone writes a scary article telling us how the most frequent password still is "123456" and how very bad it is. That's an utter load of crap.

I know a bit or two about computer security. Yet, my most commonly used password is "password". And that's not going to change anytime soon.

Let me explain that. I'll start with an example.

Passwords of Average Joe

A few weeks ago someone on an underground forum shared logs from his password stealers. He had already processed all crypto-currency related information and log files had no other value to him. So, they were released to the general public.

Let's see what passwords are used by someone in Indonesia:

zipgrade.com - p1806211006
qr-code-generator.com - p1806211006
ugm.ac.id - p1806211006

And his/her Google password is?.. You guessed it right!

How about Rogerio from Brazil?

webzen.com - ro231088
d4swing.com - 23101988
twitter.com - ro23ge10rio88
google.com - ro23ge10rio88

Well, can you guess his 4shared password? And his birthday? Maybe it will take you 3 attempts, but you'll succeed.

Final example - Oleg from Ukraine:

moneyveo.ua - BRAZZERSporn2017
cash24.com.ua - BRAZZERSporn2017
creditup.com.ua - BRAZZERSporn2017
paypong.ua - q1w2e3r4t5y6u7i8
wargaming.net - q1w2e3r4t5y6u7i8o9
google.com - q1w2e3r4t5y6u7i8
rabota.ua - q1w2e3r4t5y6u7i8o9p0

Obviously, he's horny. And needs cash. But how hard is it to guess his ask.fm password?

What's my point here?

Point #1 - don't save passwords in the browser

Contrary to what everyone keeps telling you, passwords saved in the browser are not safe from hackers. Yes, it's very convenient for you - you visit a website and the browser just magically remembers your password and fills in the form. But it's really not that safe. All these passwords above were stolen from browsers using a password stealer.

Chrome uses your Windows password as a master password. So, any program that runs under your username can decrypt and steal your passwords. Firefox allows you to set a master password - but it's not enabled by default. And Internet Explorer... Have you heard about NirSoft password recovery tools?

So, please don't do this.

Point #2 - your passwords must be unique

As you can see in the examples, people use several different passwords. But all of them are very very similar. As soon as you know one password, you can guess others.

My solution

There are different types of websites. There's the online banking website, there's your email, your favorite news portal, a Pokemon Encyclopedia and that torrent site from which you can download "things".

Not all of them are equally valuable to you, right? If someone else gets access to your online bank, it's a disaster. If someone else can read your email, it's really unpleasant - but not the end of the world. If someone gets access to your Pokemon Encyclopedia account... Well, would you really care? And that torrent site run by Russians? You aren't even telling them your real name, right? :)

So, why should you use a password like "\ZR3^m__fSJN=ct6" for some website you really don't care about? That's just plain stupid.

Valuable websites

There are some websites which contain your personal data. Name, address, credit card number, private photos, etc. You're probably paying a subscription fee for some websites like Spotify or Netflix. These are valuable websites.

For these websites I use my real email and a strong password. Every site gets a unique password. Something that you can spell but is really unique. There are websites that can generate such passwords.

Useful websites

Some websites are not valuable yet still useful. You don't have any personal data there, you're not paying for them - but they provide you with some value. Your online cookbook. Schedule for your favorite TV shows. Something.

For these websites I use my real email and a weak password. All websites get the same password. That's simple and easy to remember. If the password gets leaked or cracked, I don't really care. The hacker will learn that I love Thai green curry and watch "NCIS: Los Angeles". Yes, I have a weird taste, so what? And I can always reset my password using my email.

Throwaway websites

All other websites are "throwaway websites". If you lose access to them, it doesn't matter. You can just create a new account and life goes on.

For these websites I don't use my real name. I don't use my actual email, either. It's easy to get a throwaway email account in case you need to "activate your account" for whatever reason.

So, for these websites, I use the password "password". Because why not? And what if someone guesses my password? Well, I don't give a damn, please feel free to do that!

To make life simpler, I even have all those websites and username/password combinations written down in a TXT file. There goes that "don't write your password down" rule!

Why not use a password manager/2FA?

This post is not about keeping your valuable passwords safe. It's about not giving a damn about silly websites that force you to register. And that it is OK to have a password "123456" for those.

How you keep your valuable passwords safe is entirely up to you. I don't really trust a software password manager, they have vulnerabilities, too. But I am considering getting a Yubico key to use for my most valuable accounts.

Conclusion

I know this post will annoy some people. Please feel free to let your feelings be known in the comments - but keep it civil. :)"

Source: https://lifeinhex.com/my-password-is-password/
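
The two checks this thread keeps returning to, passwords that appear on the common list and passwords that are small variations of one another, can be run over your own password list. This is an added example, not code from the thread or the quoted articles: the function names, the 0.7 threshold and the sample vault are assumptions, and the blocklist is the top 25 from the first post, lowercased.

```python
from difflib import SequenceMatcher
from itertools import combinations

# Top 25 from the list in the first post of this thread, lowercased.
COMMON = {
    "12345", "123456", "123456789", "test1", "password", "12345678", "zinch",
    "g_czechout", "asdf", "qwerty", "1234567890", "1234567", "aa123456.",
    "iloveyou", "1234", "abc123", "111111", "123123", "dubsmash", "test",
    "princess", "qwertyuiop", "sunshine", "bvttest123", "11111",
}

def similarity(a, b):
    """Case-insensitive similarity in [0, 1] (difflib ratio: 2*matched/total length)."""
    return SequenceMatcher(None, a.lower(), b.lower()).ratio()

def audit(vault, threshold=0.7):
    """vault maps site -> password. Returns (kind, sites) findings, where kind is
    'common' (on the blocklist), 'reused' (identical on two sites) or
    'similar' (near-duplicates). The 0.7 threshold is an assumed cut-off."""
    items = sorted(vault.items())
    findings = [("common", (site,)) for site, pw in items if pw.lower() in COMMON]
    for (s1, p1), (s2, p2) in combinations(items, 2):
        if p1 == p2:
            findings.append(("reused", (s1, s2)))
        elif similarity(p1, p2) >= threshold:
            findings.append(("similar", (s1, s2)))
    return findings

# Constructed sample data: made-up sites and passwords, not taken from any leak.
SAMPLE_VAULT = {
    "bank.example": "Vt7#plum-Ridge-42",
    "forum.example": "qwertyuiop",
    "news.example": "qwertyuiop",
    "mail.example": "ma19rta85",
    "shop.example": "ma19rta85!",
    "video.example": "19marta85",
}

if __name__ == "__main__":
    for kind, sites in audit(SAMPLE_VAULT):
        print(f"{kind:8} {', '.join(sites)}")
```

Only the unrelated bank password comes back clean; the three name-and-date variants are flagged against each other even though no two of them are identical.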

halvgris Posted March 22, 2020

Unfortunately, this is sort of a fake news article promoting the NordVPN password manager.

It's also kind of obvious that the top 20 passwords are used for free services which you might need to use once every other year. It might have your real name but everything else is fake.

As for me, 1 of 50 signups/services has my name on it. No other reference to find me.

Keep maintaining better passwords for the services that mean something to you. Always use a fake 10 minute email or forwarding mail and no personal details on "free" services.