A new study by UK card machine provider Dojo has revealed trends in the passwords most exposed to hacking breaches worldwide. The data is interesting for cyber insurers, as it offers some clues about the advice that needs to be given to policyholders.
People tend to use easy-to-remember passwords across multiple accounts for convenience; we all know that. Many of these passwords involve accessible personal information, like a birthday or pet’s name. As breaches are getting bigger, simple passwords put many at risk of being hacked – but passwords related to some themes and topics are easier to guess than others.
Analysing NCSC data on over 100,000 breached passwords, Dojo was able to categorise the top hacked passwords into over 30 categories, from sports to star signs. By seeing which category had the most breached passwords, the study can reveal the password subjects you should avoid to stay secure online.
Out of all the categories studied, the top spot for the most commonly hacked passwords went to those involving pet names/terms of endearment. The top 20 phrases in this category were included in 4,032 of the most commonly hacked passwords studied. The top three pet names used in passwords around the world were ‘Love’ (1,492), ‘Baby’ (417) and ‘Angel’ (330). IE will take a wild guess and add ‘Babe’ to that list.
‘Names’ and ‘Animals’ come in the top 3 most hacked password types – followed by ‘Emotions’, ‘Food’ and ‘Colours’
Names ranked as the second most commonly hacked password category, with the top 20 names being included in 3,913 breached passwords. The data shows the most common names that are hacked are ‘Sam’ (313), ‘Anna’ (300) and ‘Alex’ (240).
Ranking closely behind in third were animals, with 2,112 hacked passwords which included the 20 most popular animals. Passwords including ‘Dog’ (354) and ‘Cat’ (265) were the most frequently hacked in this category. With the increase in pet ownership during the pandemic, it is no surprise these furry companions are a go-to choice for many people’s passwords.
Further down the list in 12th place were Brand names. Companies such as Apple (98), LinkedIn (36) and Google (29) were popular choices for some people’s passwords. (Seriously? People used LinkedIn as a password?? – Ed) Car brands, in particular, are often used and hacked with the top 20 motoring brands being featured in 606 of the breached passwords – including Ford (74), Honda (74) and Audi (43).
WHAT’S YOUR SIGN BABE?
Meanwhile, in 20th place for astrology lovers that chose to incorporate their star sign into their password, it was Leo (101) (Yep, typical super confidence from Leo there, they never think they’ll be hacked – Ed) that was the most commonly hacked, followed by Scorpio (30) and Gemini (25).
Easy-to-remember sequences of numbers and letters are among the most commonly hacked passwords, according to new data
Passwords with obvious sequences of numbers like ‘1234’ or letters like ‘qwerty’ (which are letters from the top row of the keyboard) were also among frequently hacked passwords. These sequences are easy to remember, which is why people use them as passwords, but they are also a risk as they are just as easy to guess and require no personal knowledge.
YES, SOME PEOPLE STILL USE 123456.
According to the NCSC list, the 5 most commonly hacked passwords, with the most users, are:
123456 (23.2 million users)
123456789 (7.7 million users)
Qwerty (3.8 million users)
Password (3.6 million users)
1111111 (3.1 million users)
Passwords with a combination of characters, numbers, and symbols are less likely to be hacked as they are harder to guess. To keep your password more secure, use a random combination of these that is memorable only to you.
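The categories and sequences above can be turned into a check that runs when a user sets a password. The following is an added example, not code from Dojo or the NCSC: the deny list is constructed only from the words quoted in this article, and the function names and the character-substitution table are assumptions made for illustration.

```python
import re

# Constructed deny list: only the words quoted in the article, by category.
THEMES = {
    "pet name/endearment": ["love", "baby", "angel"],
    "name": ["sam", "anna", "alex"],
    "animal": ["dog", "cat"],
    "brand": ["apple", "linkedin", "google", "ford", "honda", "audi"],
    "star sign": ["leo", "scorpio", "gemini"],
}
TOP_FIVE = {"123456", "123456789", "qwerty", "password", "1111111"}
# Rows walked for sequence detection: digits, alphabet, keyboard rows.
ROWS = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
        "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Common character substitutions undone before matching (assumed mapping).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def has_sequence(pw, run=4):
    """True if pw holds `run` chars in a row from one row (either direction)
    or the same character repeated `run` times."""
    if re.search(r"(.)\1{%d}" % (run - 1), pw):
        return True
    for row in ROWS:
        for text in (row, row[::-1]):
            for i in range(len(text) - run + 1):
                if text[i:i + run] in pw:
                    return True
    return False


def audit_password(password):
    """Return the reasons a candidate password resembles the breached
    patterns in the article; an empty list means none matched."""
    lowered = password.lower()
    reasons = []
    if lowered in TOP_FIVE:
        reasons.append("top-five breached password")
    if has_sequence(lowered):
        reasons.append("keyboard or numeric sequence")
    # Match themed words on both the raw and the de-substituted form.
    forms = {lowered, lowered.translate(LEET)}
    for category, words in THEMES.items():
        hits = sorted(w for w in words if any(w in f for f in forms))
        if hits:
            reasons.append(f"{category}: {', '.join(hits)}")
    return reasons
```

Themed words are matched as substrings, the same way the study counted passwords that "included" them, so short words such as ‘cat’ will also flag longer words that contain them.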
How do passwords get hacked?
Attackers use a variety of techniques to discover passwords, exploiting a range of social and technical vulnerabilities. These include:
Tricking someone into revealing their password via social engineering (including phishing and coercion)
Using the passwords leaked from data breaches to attack other systems where users have used the same password
Password spraying (using a small number of commonly-used passwords in an attempt to access a large number of accounts)
Brute-force attacks (the automated guessing of large numbers of passwords until the correct one is found)
Dictionary attack (where attackers run through common words and phrases, such as those from a dictionary, to guess passwords)
These techniques are widely available and documented on the internet, and many use automated tools requiring only moderate technical skills.
TWO STEP VERIFICATION
Using a password manager to create unique passwords and using multi-factor authentication (MFA) across all websites are some of the recommended ways to improve password security and make it difficult for attackers to steal your passwords and access your data.
Frequently check a breach notification site to see if any of your passwords have been leaked in any data breaches. If they have, change your password for that account immediately.