NordPass has published the 200 most used passwords in 2023, a list that comes from the analysis of large data breaches in attacks on Internet services. As expected, the results do not show significant improvements compared to previous years.
Passwords are still a highly insecure authentication method when they are not used appropriately. Furthermore, they are unfriendly in terms of usability.
The industry has implemented reinforcements such as two-factor authentication (2FA) to improve security, which is a relief, since otherwise the situation would be unsustainable. In addition, access keys (passkeys) and unique codes linked to specific devices such as computers, tablets or smartphones are other new features.
They are expected to be widely used in the future, as they have received support from companies such as Apple, Google and Microsoft. In the meantime, it is essential to strengthen the security of your passwords.
An astonishing ease… for the worse
The most used passwords in 2023 reveal a worrying situation. Cybercriminals continue to find easy access to accounts without the need to employ advanced hacking methods.
The most common passwords, such as “123456,” “111111,” “qwerty,” or “password,” can be cracked in less than a second, and some can be obtained with a simple test.
Although passwords vary between countries, there are clear global trends in the use of simple numbers, common names, and a systematic violation of standards for creating strong passwords.
It is estimated that up to 70% of the most used passwords in 2023 can be cracked in less than a second. Below, we present the global list.
For example, the 10 most used passwords in Chile include highly predictable and frequently repeated elements in the global list, such as numerical sequences:
- 123456
- admin
- 12345
- 12345678
- 123456789
- 111111
- password
- 12345678910
- UNKNOWN
Despite being an unattractive method, passwords remain the primary form of authentication on the Internet, operating systems, applications, games, and various devices.
It is essential to dedicate effort to their creation and maintenance, following basic rules that we often know but do not apply.
Some recommendations for creating stronger passwords
- Avoid using common words or typical numbers.
- Do not use personal names, pet names or dates of birth.
- Combine upper and lower case.
- Mix numbers and letters.
- Include special characters.
- Extend the length with as many characters as possible.
- Do not use the same password for all sites.
- Use specific passwords that are as secure as possible for online banking and shopping, where financial information is shared.
- Keep the password protected from third parties.
- Do not share the password with anyone, even in supposed official requests through emails or messages from messaging services, as these could be phishing attempts.
- Change the associated username and email.
- Reinforce passwords with features such as two-factor authentication (2FA) or biometric systems, such as fingerprint sensors or facial recognition, when they are available.
- Regularly clean unused online accounts.
Check if your passwords have been compromised. “Have I Been Pwned” is a good tool for this.
Or use a password manager
There are applications that reduce human errors in password management, automating both their creation and access to different websites and services.
Additionally, they provide protection against phishing attacks by immediately identifying characters from different alphabets. A great advantage is that you only need to remember one master password, since the manager will take care of the rest.
Some managers are:
KeePass: It’s an older one, existing since the days of Windows XP. KeePass stores passwords in an encrypted database that can be accessed using a password or digital key. Additionally, you can import and export passwords in a wide variety of formats.
Bitwarden: It works as a web service that can be accessed from any desktop browser, and has mobile applications for Android and iOS. Bitwarden enables password sharing and secure access with multi-factor authentication and audit logs.
Passbolt: This is a self-hosted password manager designed specifically for work teams. You can self-host the program on your own servers to have full control of the data, although there is also a cloud version hosted on the company’s servers, suitable for teams without experience or infrastructure.
Psono: It is a self-hosted solution that offers an attractive web-based client written in Python. The source code is available under the Apache 2.0 license.
Teampass: This manager is geared toward teams and has an offline mode that allows you to export your items to an encrypted file, useful for situations without an internet connection. Despite not having the most attractive design, it allows you to quickly define roles, user privileges, and folder access.