Every year about this time, the good folks at Nordpass publish the Top 200 Most Common Passwords. This list provides endless fodder for tech journalists (and bloggers) to question why the same awful passwords keep showing up year after year. And by awful we mean so easy to guess or quick to crack that there might as well be no password at all. Once again, the current top 10 list is:
The list of passwords was compiled by independent cybersecurity researchers and comprises 4 TB of data from over 50 countries. All of the passwords in the top 10 required less than 1 second to crack using widely available software tools.
How did we get here?
Interestingly, a person’s comfort level with technology doesn’t necessarily result in good password practices. As Emily Cain notes in her article, Why don’t we follow password security best practices?
By now, most people know the elements of a password that’s hard to guess or crack: long length (more than 12 characters), no dictionary words, a mix of letters, numbers and symbols, and so on. Add the rule that passwords should never be reused or written down, and it quickly becomes impossible for most people to remember all of the passwords they need to use regularly.
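To make those rules concrete, here is an added example (not from the original post, and not Nordpass’s methodology) that checks a candidate password against each rule and estimates the size of the brute-force search an attacker would face. The sample of common passwords, the mini dictionary and the assumed guessing rate of 10^10 guesses per second are constructed for illustration; real rates depend on how the password was hashed and what hardware is used.

```python
import math
import string

# Constructed sample of passwords that appear on "most common" lists year after
# year. It stands in for the Nordpass top 10, which is not reproduced here.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "123456789", "12345678", "111111"}

# Constructed mini dictionary standing in for a real word list.
DICTIONARY_WORDS = {"password", "welcome", "dragon", "monkey", "qwerty", "secret", "love", "admin"}

# Character classes used to size the search space for a brute-force estimate.
CHARSETS = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

# Assumed offline guessing rate (constructed figure for the illustration).
ASSUMED_GUESSES_PER_SECOND = 1e10


def charset_size(pw: str) -> int:
    """Sum of the sizes of the character classes the password draws from."""
    return sum(len(cs) for cs in CHARSETS if any(c in cs for c in pw))


def estimate_bits(pw: str) -> float:
    """Upper-bound strength estimate: log2 of charset_size ** length.

    This is the best case for the defender; a password that sits on a common
    list is found in the first few guesses regardless of this number.
    """
    size = charset_size(pw)
    return 0.0 if size == 0 else len(pw) * math.log2(size)


def estimate_crack_seconds(pw: str, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Seconds to exhaust the brute-force search space at the given guess rate."""
    if pw in COMMON_PASSWORDS:
        return 0.0  # tried first on any wordlist attack
    return charset_size(pw) ** len(pw) / guesses_per_second


def check_password(pw: str) -> list:
    """Return the list of rules from the post that the password fails (empty if none)."""
    problems = []
    if pw in COMMON_PASSWORDS:
        problems.append("on common-password list")
    if len(pw) <= 12:
        problems.append("length not > 12")
    lowered = pw.lower()
    if any(word in lowered for word in DICTIONARY_WORDS if len(word) >= 4):
        problems.append("contains dictionary word")
    has_letter = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(c in string.punctuation for c in pw)
    if not (has_letter and has_digit and has_symbol):
        problems.append("does not combine letters, numbers and symbols")
    return problems


def report(pw: str) -> dict:
    """Bundle the checks and estimates for one candidate password."""
    return {
        "password": pw,
        "problems": check_password(pw),
        "estimated_bits": round(estimate_bits(pw), 1),
        "estimated_crack_seconds": estimate_crack_seconds(pw),
    }


if __name__ == "__main__":
    for candidate in ("123456", "password", "Rook-Harbour-9-Velvet!"):
        print(report(candidate))
```

The search-space figure is deliberately optimistic: it assumes the attacker has no better strategy than trying every string, which is exactly the assumption that the common-password list invalidates. That is why the check for the common list runs before anything else.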
[Side rant: Why are banks (of all places) still asking us to enter our mother’s maiden name, father’s first employer and all manner of easily guessed “security questions”, while at the same time not implementing much more secure multi-factor authentication? Anyone?]
It’s not surprising that, given advice that’s both contradictory and impossible to follow, most people just keep doing what they’ve been doing. To quote the Twitter account @SwiftOnSecurity, “If you don’t make a system usable and secure, the user will make it usable and insecure.”
The best thing you can do today
Spare your brain from the stress of remembering multiple passwords and just use password manager software on all of your devices. Yes, you’ll have to create one strong password that you can remember (the master password) but once you’ve done the work of setting the program up (and replacing all of those less-than-great passwords on your current accounts), a good password manager will save you loads of time and effort. Again, Emily Cain:
To learn more about the current crop of password managers, check out these reports from Tom’s Guide and Wirecutter. Spoiler: they both recommend Bitwarden as the best free manager, and LastPass and 1Password, respectively, as paid managers. I’ve been a LastPass user for many years and, while the free version is no longer recommended (too many disabled features), there is a family plan that is very reasonably priced for up to 6 accounts. Password managers for everyone!
The holidays are coming up and you need something to do with your free time, right?