May 4 marks World Password Day, and experts are urging the public to take their cyber-security much more seriously – as millions of people are doing next to nothing to foil the hackers.
Data shows that common and obvious phrases such as “password” and “qwerty” – in reference to the common computer keyboard layout – are often among the most used passwords globally.
A report by NordPass showing that “password habits die hard” comes with a list of the most used passwords in 30 countries. In the UK, the top 20 are:
1. password
2. 123456
3. guest
4. liverpool
5. qwerty
6. arsenal
7. 123456789
8. password1
9. 12345
10. 12345678
11. chelsea
12. charlie
13. abc123
14. liverpool1
15. Parola12
16. football
17. monkey
18. chocolate
19. yuantuo2012
20. letmein
It’s not quite the same everywhere. In the US, “guest” beat out “123456” to be the most popular password in 2022, with “password” only in third.
Tomas Smalakys, the chief technology officer of NordPass, said: “Throughout the years, we observe almost identical password management mistakes, which suggests people simply prefer convenience.
“If we cannot do better with passwords, we should do better than passwords. Last year marks a huge milestone in search of alternative online authentication solutions, with passkey technology paving a way to replace passwords in the future.”
Tips to secure your passwords
Even though companies implement security measures to protect our accounts, every user still needs to be careful with their passwords.
1. Be aware of all accounts that are in your possession. Experts recommend deleting unused accounts and knowing the exact number of those that are active. This way, you can prevent gaps in your password management.
2. Make long, unique passwords, and never reuse them. Complicated combinations of numbers, uppercase and lowercase letters, and symbols make the most robust passwords. Reusing them is never an option — if one account gets hacked, other accounts are at risk.
3. Use a password manager. This technological solution fully encrypts the passwords stored in the vault and allows secure sharing. Many cybersecurity incidents happen because of simple human mistakes — people leave their passwords openly accessible to others and store them in Excel or other unencrypted applications.
It comes as cybersecurity experts called for the public and businesses to “drop passwords altogether” in order to better protect personal data.
Grahame Williams, identity and access management director at defence firm Thales, said passwords were “becoming increasingly insecure” and “easily hacked”, adding that the industry needed to move on to newer technologies in order to boost security.
Meanwhile, Apple, Google and Microsoft have announced a joint effort to support a new type of online sign-in which could replace passwords and is designed to make the web more “secure and usable for all”.
The technology giants have agreed to support a new common passwordless sign-in standard which has been created by industry body the Fido Alliance and the World Wide Web Consortium.
The new standard, once in place, would allow people to sign in to websites and apps in the same way that they unlock their devices, such as by using a fingerprint or face scan to verify themselves, or by entering a device PIN.