According to the data provided by the NordPass password manager, nearly 70% of the most popular passwords people use can be hacked in less than a second.
Here are the top 10 passwords of 2019 along with the time it takes to hack them and the number of times they've been exposed in various data breaches.
Password | How long does it take to hack? | How many times has it been exposed? |
12345 | Less than a second | 2,380,800 |
123456 | Less than a second | 23,547,453 |
123456789 | Less than a second | 7,799,814 |
test1 | Less than a second | 13,518 |
Password | Less than a second | 130,999 |
12345678 | Less than a second | 2,938,594 |
zinch | Less than a second | 14 |
g_czechout | 12 days | Never |
asdf | Less than a second | 315,892 |
qwerty | Less than a second | 3,912,816 |
"Millions of people still use generic, popular, and widely used passwords. While these might be easier to remember, people are doing hackers a huge favor by using them, as it will only take a second to crack such a weak password," says Chad Hammond, a security expert at NordPass.
How do hackers crack these passwords?
"While hackers use many effective techniques, the most common is the so-called ‘brute-force’ attack,” Hammond said. “It's an automated, common, and effective method to hack people's passwords.”
Wondering how a brute-force attack works? First, hackers check if your password is among the most popular. They will then check all the known information that you might use for your password, such as your name, address, favorite band, sports team, or your pet's name. There is also a program that will tweak this information by adding more data, like numbers or special symbols. Hackers will also translate words into Leetspeak (where “password” becomes “p422W0Rd”) or scan rainbow tables, which are vast sets of tables filled with hash values pre-matched to possible plain text passwords. Hackers will also check if your other accounts have been breached and whether you’ve reused the same password for another account.
However, there are some security solutions to protect your accounts from such attacks, according to Hammond.
- Use a password generator
Password generators are great tools that can generate complex passwords in seconds,” he said. “Sadly, they are still massively underused. Recent research by Kaspersky suggests that a whopping 83% of respondents make up their passwords instead of using some sort of tool that will do it for them.”
- Review all accounts and delete ones that are no longer in use
If a small, obscure website ends up breached, users might never even hear about it. Individuals can visit haveibeenpawned.com to check if their email has ever been compromised.
- Use 2FA when possible
Whether it's an app, biometric data, or hardware security key, accounts will be much safer with an extra layer of protection.
- Make sure to regularly check accounts for suspicious activities
If there’s anything unusual at all, the password should be changed immediately.