In our ever-advancing technological age, we are constantly reminded of the importance of having strong passwords.
With an uppercase letter here and a unique character there, you would think that with the many requirements needed just to have a password approved, nowadays, passwords wouldn’t be so simplistic or easy to guess.
And yet, they remain one of the most glaring weaknesses in our cybersecurity armour, giving even the laziest cybercriminals all they need to steal our data and, often, our money.
So what are the most common passwords in use in 2022, what’s the psychology behind them and what can you do to reduce your risk? Join us as we take a look.
What are the most common passwords of 2022?
2021 research from Nordpass found that in the United Kingdom, the top 5 passwords were as follows:
- 123456
- password
- liverpool
- password1
- 123456789
If you compare these passwords to those in our blog post from 2021, you will find that many of these remain the same.
This suggests that human behaviour remains stubbornly resistant to change despite an increase and evolution in cyber threats and attacks (especially during the Covid-19 pandemic).
Awareness of the requirement for ‘strong passwords’ is high, however, with the top 5 passwords staying virtually identical, there’s work to be done to raise awareness of the risks that simple passwords bring.
Why do we create weak passwords?
If we really want to tackle the weak password epidemic, it’s worth thinking about why we create weak passwords in the first place.
As with most of our everyday behaviour, the answer is simple: it’s the path of least resistance. Put simply, many of us choose simple, weak passwords because they’re easy for us to remember.
Patterns of letters or numbers, football teams, superheroes and other fictional characters proliferate the top 100 list of passwords. What this tells us is that when it comes to passwords, most of us simply want something that doesn’t leave our heads at the first chance. But how much threat can a bad password pose?
How much damage can weak or reused passwords pose?
The problem with simple passwords is that they are too weak and can be easily cracked by automated tools. But that’s far from the only issue.
The National Cyber Security Centre (NCSC) found that 23.3 million breached accounts used ‘123456’ as a password.
The average person has 100 passwords, so it is understandable why many choose simple passwords or make slight variations of the same passwords. However, these can be easy for hackers to guess, enabling them to access personal data and accounts with ease.
Worse still, reused passwords enable a single breach to cause a chain reaction of breaches on every account you use the same password for. A Google study found that an astonishing 65% of people reuse the same password across multiple – if not all – accounts.
Curious to see whether any of your accounts have been breached? Check if your password has been exposed or breached by using websites such as ‘Have I Been Pwned?’
How to create stronger passwords
Passwords are your first line of defence, which is why weak and simplistic passwords are frequently responsible for data breaches.
- Pick three memorable words. A quick, unique and secure password starts with three random words. Pick words that aren’t related to your hobbies, family life or passions, so that your passwords are truly impossible to guess. Take ‘tree’, ‘grate’ and ‘cookie’, for example. Combine those with numbers and characters like ‘Tree8Grate!Cookie’ and you’ve got a truly memorable and virtually impossible to crack password.
- Create different passwords for every website or service you use. The temptation to use the same password everywhere is strong, but doing so means that a single breach on any service could compromise all of your accounts.
- Check to see if any of your accounts have been breached. By checking websites such as “Have I Been Pwned?” you can see whether any of your details have been breached and released. It should go without saying, but these passwords should be changed as soon as possible.
- Make use of a password manager. Password managers ensure that no matter how unique your passwords get, you never forget about them. Most modern web browsers have password managers built-in, but there are free solutions available also, which are compatible with most devices.
How can organisations educate their employees?
Like many things, human error plays a pivotal role in cybersecurity breaches with Nordpass research finding Fortune 500 companies were affected by 15,603,438 password breaches.
Employees are the front line of all businesses, so ensuring they are adequately trained and educated in the importance of password security is crucial.
Password security is no joke, especially when simplistic passwords can potentially cause massive data breaches for businesses.
At Bob’s Business, we can provide you and your employees with the awareness and training needed to take cybersecurity seriously.
Don’t believe us? After just one year of Bob’s Culture, our clients have seen password sharing fall by 39% and password reuse fall by 13%, highlighting just how effective the right kind of training can be.
With hundreds of engaging and interactive courses, it is why thousands of companies choose Bob’s Business to boost their knowledge and empower their teams.
Learn more about our cybersecurity awareness courses, which cover everything from making the perfect password to GDPR compliance, and view our full course catalogue here.