Apparently, you can’t use “beef stew” as a password, as it’s just not stroganoff. Haha! I know, bad dad joke. But all jokes aside, has our password security improved in 2020 compared with the previous year?

If we go back in time to 2015, the commonly used worst passwords were “123456” and “password.” So, it’s a bit disappointing that these worst passwords were still living on in 2020.

After analysing 275,699,516 passwords that were leaked during 2020 data breaches, NordPass and its partners found that the most common passwords were easily guessable. In other words, they take no time at all for attackers to crack. Not even half of the recorded passwords, just 44%, were considered “unique.”

Publishing its report late last year, NordPass outlined its findings. The most popular were:

  1. “123456”
  2. “123456789”
  3. “picture1”
  4. “password”
  5. “12345678”

As a result, deciphering each password would take a matter of seconds using either:

  • dictionary scripts (which compile common phrases and numerical combinations to try to crack the password), or
  • simple guesswork

The exception is “picture1,” which takes about three hours to decipher using a brute-force attack.

Certainly, we can see a “whatever” attitude when it comes to password security, to borrow one of the entries on the 200-strong list. Even if we don’t pick one of the five above, we’re still not choosing strong options. In other words, there’s a real reluctance to use strong, difficult-to-crack passwords. People are instead choosing “football,” “iloveyou,” “letmein,” and “pokemon.”

Based on NordPass’ dataset, the 10 most common passwords of 2020 including the time it takes to crack are:

So how do you choose a strong password, you ask?

  • Avoid patterns or repetitions of letters and numbers.
  • Avoid easy words.
  • Avoid selecting passwords where the keys are next to each other.
  • Add a capital letter, symbols, and numbers in unexpected places.
  • Do not use personal information as a password, such as birthdates or names. 

Meanwhile, vendors need to be vigilant about not allowing simple combinations, and should reiterate to users that their aim is to protect users’ privacy and security. On the other hand, it really is our responsibility to protect our own accounts.
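A sketch of how a vendor could enforce the tips above at sign-up, added here as an example and not taken from NordPass or any product. The denylist contains only passwords quoted in this article, and the function names, the run length of 4 and the sample inputs are assumptions.

```python
import re

# Denylist taken only from passwords quoted in this article; a real
# deployment would load a full breached-password list instead.
COMMON = {"123456", "123456789", "picture1", "password", "12345678",
          "football", "iloveyou", "letmein", "pokemon"}
# Keyboard rows and alphabet/digit runs used to detect adjacent-key patterns.
SEQUENCES = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz", "0123456789")
RUN = 4  # assumption: 4 or more adjacent keys in a row counts as a pattern


def has_adjacent_run(pw, n=RUN):
    """True if pw contains n consecutive keys from a sequence, in either direction."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + n] in low for i in range(len(s) - n + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return a list of violated rules; an empty list means the password is accepted."""
    low, problems = pw.lower(), []
    if low in COMMON:
        problems.append("common password")
    # Same character three times in a row, or a chunk of 3+ characters repeated.
    if re.search(r"(.)\1{2,}|(.{3,})\2", low):
        problems.append("repetition")
    if has_adjacent_run(pw):
        problems.append("adjacent keys or sequence")
    if any(len(p) >= 3 and p.lower() in low for p in personal):
        problems.append("personal information")
    classes = (any(c.isupper() for c in pw), any(c.isdigit() for c in pw),
               any(not c.isalnum() for c in pw))
    if not all(classes):
        problems.append("needs capital letter, number and symbol")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; the personal values are made up.
    for candidate in ("123456", "picture1", "Qwerty!9x", "v9#Lt!uB2mW"):
        print(candidate, "->", check_password(candidate) or "accepted")
    print(check_password("Maria1987!x", personal=("Maria", "1987")))
```

The `personal` argument would be filled from the account's own profile fields, such as name and birth year.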

It is hard to remember all those strong, complex passwords. So, you might want to think about using a password locker, found in password managers and vaults in 2020.