By now, you probably know the common tips for online passwords. Do not use a sequence of numbers. Don’t use your name. Do not reuse the same password for all of your accounts.
And yet, despite the emphasis placed on these tips by experts year after year, most people ignore them.
According to the 2017 Verizon Data Breach Investigations Report, 81% of hacking-related data breaches are due to poor password security. And with the rise of remote working and learning in the wake of the pandemic, it’s a bad habit that needs to be broken. It starts with knowing what not to do.
ID Agent, a dark web monitoring company owned by the software company Kaseya, claims to have identified the most common stolen passwords found on the dark web in 2020 based on an analysis of nearly 3 million passwords.
What is the dark web, you ask? The dark web is part of the deep web, an area of the internet that is not indexed and cannot be found by a search engine.
“The dark web is only accessible through a specific browser that offers anonymity to its users,” said Mike Puglia, Chief Strategy Officer of Kaseya. “While not all dark web content is malicious, cybercriminals use the dark web for a variety of illegal purposes, including selling stolen credentials.”
20 most common passwords found on the dark web
Based on the top 250 passwords it discovered on the dark web, ID Agent said the most common categories used to generate these passwords include sequential strings of numbers, names, sports references, and famous people or figures.
Fifty-nine percent of Americans use a person’s name or birthday in their passwords, while 33% include an animal’s name and 22% use their own name, the company said. The average user also reused their bad password 14 times.
Here’s a look at the top 20 passwords found on the dark web in 2020:
- the password
- : 12345678secret
The scan also identified the most commonly used words in various categories of passwords. For example, it found “maggie” to be the most common name among the top 250 dark web passwords. Sports fans most often include the word “baseball” in their passwords. “Newyork” was the most common of the cities used, and “cookie” was the most common food word.
How to prevent your password from being hacked
Worried that your password is too similar to some of the ones mentioned above? In order to protect yourself against identity theft, data breaches, and other fraud, it is essential to create passwords that cannot be guessed by cybercriminals. Here are some ways to do it.
It might seem a little obvious, but putting your name – or the name of a close family member – in your password makes it much easier for hackers to guess. In fact, at least 92 of the 250 most common passwords found by ID Agent were first names or variants of names. Instead, find an absurd phrase that only you know.
Did you notice how many of the top passwords found on the dark web were a variant of “123”? Thirty-five of the 250 most common passwords, including 12 of the top 20, contained sequential numbers. Don’t make it that easy for hackers. “Individuals need to create passwords that include a combination of numbers, symbols, upper and lower case letters that are not sequential,” Puglia said.
Create a unique password for each account.
If you reuse the same password for every account, you help criminals hit the jackpot if they find out what it is. According to Puglia, about 39% of people say that most of the passwords for their work and personal apps are the same. If you can’t think of that many unique passwords, password generators can help. Google Chrome has a built-in one, or you can try tools like passwordgenerators.net or LastPass.
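The advice above (no sequential runs, no names or common words, mixed character classes, a fresh random password per account) can be sketched in Python. This is an added example, not code from ID Agent or any tool named in the article. The function names, the symbol set and the three-character run threshold are assumptions, and the word list is only the four words the article quotes.

```python
import secrets
import string

# Sample list: the four words the article quotes; a real screen would use a larger list.
COMMON_WORDS = ("maggie", "baseball", "newyork", "cookie")
SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def has_sequence(pw: str, run: int = 3) -> bool:
    """True if pw holds `run` consecutive ascending or descending characters (123, cba)."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        steps = {codes[j + 1] - codes[j] for j in range(i, i + run - 1)}
        if steps == {1} or steps == {-1}:
            return True
    return False


def weaknesses(pw: str, personal: tuple = ()) -> list:
    """Return the patterns from the article that pw matches (empty list = none)."""
    low = pw.lower()
    found = []
    if has_sequence(pw):
        found.append("sequential characters")
    if any(w in low for w in COMMON_WORDS):
        found.append("common word")
    # `personal` holds names the user supplies (own name, family, pets).
    if any(p and p.lower() in low for p in personal):
        found.append("personal name")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS)
    if not all(any(c in cls for c in pw) for cls in classes):
        found.append("missing character class")
    return found


def generate(length: int = 20, personal: tuple = ()) -> str:
    """Draw candidates from the OS CSPRNG until one passes every check."""
    if length < 8:
        raise ValueError("length must be at least 8")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(pw, personal):
            return pw
```

Call `generate()` once per account so no two accounts share a password, and store the results in a password manager rather than memorizing them.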
Puglia said the average American adult has between 90 and 135 different apps that require a set of credentials. Obviously, no one could memorize that many. “The best way to keep track of many passwords is to use a secure password manager,” he says. These tools remove the need to store passwords on your phone or tablet, a common habit that makes it easier for cybercriminals to get hold of your credentials. Some options include LastPass, Guardian security or 1Password.