Feel like you have more passwords than you’ve had hot dinners? You’re not alone. With studies showing that the average person has 100 passwords, we’re all managing an ever-growing arsenal of passwords.
Choosing the perfect password, however, can feel like an arduous task, and often leads us into creating the quickest, easiest, most memorable passwords we can.
The problem? They’re rarely the most secure ones.
The result is a pandemic of poor password choices that fatally weaken our defence against cybercriminals. They’re traps which can compromise your data, finances and even your organisation’s cybersecurity.
With the Coronavirus pandemic and the rise in home working in 2020, cybercriminals and the software they utilise have not only grown more sophisticated, but more effective. As such, there’s never been a better time to brush up on how to write a secure password.
In 2020, we took a look back at the most common passwords of 2019, and now, thanks to research from NordPass, we can reveal the most commonly used passwords worldwide in 2020.
So, join us below as we share with you 2020’s most common passwords and explain why you shouldn’t reuse your password alongside much, much more.
What were the most common passwords of 2020?
The top five most commonly used passwords in 2020 were:
- 123456
- 123456789
- picture1
- password
- 12345678
Just as in 2019, what unites each of these passwords is the very same thing: simplicity.
The appeal of simplistic passwords is clear. They don’t take long to think up; they’re easy to remember and – most of all – you get to spend less time dreaming up passwords and more time doing something fun, like watching your new Netflix subscription.
Unfortunately, simple passwords come with a simple downside: they’re just as simple to crack. In fact, password cracking software can break through 4 of 5 of these passwords in less than a second.
What does the password list tell us?
Several themes recur time and time again in the NordPass password list.
As always, numerical patterns are a prevalent theme, with repeated digit passwords like ‘1111111’, ‘555555’ or ‘999999’ appearing alongside ‘12345’ and ‘123654’ in the top 100.
In fact, out of the top twenty passwords, numerical patterns appear eleven times, highlighting just how common they are.
Another theme that appears time and time again in the list is football teams and fictional characters. Forbes research found that football teams ‘liverpool’, ‘chelsea’, ‘arsenal’, ‘manutd’, and ‘everton’ were the five most commonly used. Meanwhile, ‘superman’, ‘naruto’, ‘tigger’, ‘pokemon’ and ‘batman’ were the most commonly used fictional characters.
Other popular common passwords are names and musicians, which appear throughout the top 100.
So, what do all these patterns tell us?
When building passwords, most of us fall back into behaviours which favour choosing something simple, easy to remember and in some cases, close to our hearts. Whether it’s our football club, favourite band, an easy to recall set of numbers or even our name – many of us are choosing passwords that don’t require us to memorise anything complicated.
All of which brings us to:
How to create a stronger password
There are countless ways to create good, secure passwords, but many popular methods ignore the fact that though ‘C7sf3LU!6w’ is a strong password, it’s virtually impossible to remember. Especially when you compare it to something like ‘leedsutd’, or ‘ashley’.
That’s why at Bob’s Business, we recommend the ‘three words’ method of password creation. Pick three random, unconnected words and put them together. Passwords like ‘frogcapitalglass’ are easy to remember and, crucially, unique.
For an even more secure password, combine those three words with capital letters and numbers, like ‘Frog6Capital0glass’. Want to check how secure your new password is? Try How Secure is my Password and discover just how quickly cybercriminals could crack your password.
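As an added illustration of the three words method (this code is not from Bob’s Business or NordPass), the sketch below picks the words with the operating system’s secure random source and reports how large a search an attacker who knows both the method and the word list would face. The word list is a small constructed sample and the function names are hypothetical.

```python
import math
import secrets

# Constructed sample list for illustration only. A real generator would load a
# published list of several thousand words so the search space is far larger.
SAMPLE_WORDS = ["frog", "capital", "glass", "lantern", "orbit", "pickle",
                "velvet", "harbour", "tundra", "magnet", "willow", "copper",
                "puzzle", "saddle", "meadow", "anchor"]


def three_words(wordlist=SAMPLE_WORDS, count=3):
    """Pick `count` distinct words using the OS CSPRNG, not the `random` module."""
    unique = sorted(set(wordlist))
    if len(unique) < count:
        raise ValueError("wordlist too small")
    return secrets.SystemRandom().sample(unique, count)


def decorate(words):
    """Randomly capitalise each word and join the words with one random digit,
    in the style of the article's 'Frog6Capital0glass'."""
    cased = [w.capitalize() if secrets.randbelow(2) else w for w in words]
    out = cased[0]
    for word in cased[1:]:
        out += str(secrets.randbelow(10)) + word
    return out


def guess_space_bits(list_size, count=3, decorated=False):
    """log2 of the number of equally likely outputs, assuming the attacker
    knows the generation method and the word list."""
    combos = math.perm(list_size, count)          # ordered, distinct words
    if decorated:
        combos *= 2 ** count * 10 ** (count - 1)  # case choices x digit choices
    return math.log2(combos)


if __name__ == "__main__":
    words = three_words()
    print("plain:    ", "".join(words))
    print("decorated:", decorate(words))
    for size in (len(SAMPLE_WORDS), 2000, 7776):  # constructed example sizes
        print(size, "words:", round(guess_space_bits(size), 1), "bits plain,",
              round(guess_space_bits(size, decorated=True), 1), "bits decorated")
```

The strength comes from the size of the list and the randomness of the pick; words chosen by hand from personal interests do not get the search space this calculation reports.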
How often should you change your password?
When it comes to how often you should change your password, you might have heard some conflicting reports. Some schools of thought suggest every month, others once every quarter.
The problem with mandatory password changes is that they tend to encourage rushed, superficial changes – an extra capitalised letter here or a few new numbers there. For hackers, these slight changes are easy to guess.
For that reason, it’s recommended that you create unique passwords for each service you use.
Of course, if any service you use is breached, you should immediately change your password to stop criminals from accessing your private information. Finding out whether an account you use has been exposed is simple: just use a website like Have I Been Pwned?
How to remember your passwords
Strong passwords are crucial, but unique passwords are perhaps the most critical element of password security. After all, should your login credentials for one service become exposed, unique passwords ensure that your other accounts remain secure.
That can mean dozens – if not hundreds – of unique passwords required. So, how exactly do you remember all those passwords?
You don’t.
Instead, we recommend you make use of a password manager.
Password managers come in many shapes and sizes, from software managers like Passbolt to password managers that are built directly into your browser. In fact, there’s a good chance you’re already using a password manager in your browser.
So, instead of trying to recall your passwords, make use of a password manager and never worry about forgotten passwords again.
Bob’s top password tips
Creating a secure and memorable password doesn’t need to be complicated. Just follow our top password tips below, and you’ll never need to worry about your password security again.
- Choose three random, memorable words to make your password. Try to choose words that aren’t related to your life, hobbies or passions, so that no automated hacking system or individual can figure out your password.
- Create unique passwords for every website or service you use. The temptation to use the same password everywhere is strong, but doing so means that a single breach on any service could compromise all of your accounts.
- Check to see if any of your accounts have been breached. By checking Have I Been Pwned? you can see whether any of your details have been breached and released. It should go without saying that these passwords should be changed as soon as possible.
- Make use of a password manager. Password managers ensure that no matter how unique your passwords get, you never forget about them. Most modern web browsers have password managers built-in, but there are free solutions available also, which are compatible with most devices.
How can organisations educate their employees?
Password security is no joke, especially when insecure passwords can create unnecessary risk for businesses.
At Bob’s Business, we understand that your employees are at the core of your organisational cybersecurity health. They’re the front line of your battle against cybercrime and, without proper training, can be manipulated to grant access to confidential and valuable information.
Our online cybersecurity courses cover everything from making the perfect password to GDPR compliance, phishing detection and data protection. They’re designed to help your team understand cybercrime threats and empower them to protect your organisation further.