Based on more than 6 million breached passwords, there are certain subjects and patterns you should avoid in your own passwords, says payment firm Dojo.
Cybercriminals use a variety of tactics to try to determine your passwords. And too many people make the effort easier by using weak and simple ones. A new study from Dojo on the most hacked passwords may be able to help you stay safer online by knowing which mistakes to avoid.
From the RockYou2021 collection of breached password lists, Dojo was able to examine more than 6 million such passwords. As a result, the firm uncovered the most commonly-used passwords, their average length, and the most popular subjects that surfaced in a huge number of breaches.
First, though, what kind of tricks and techniques do hackers use to try to obtain your password?
One popular method is the brute force attack in which cyber crooks use automated tools to run through millions of potential passwords per second. A similar tactic is the dictionary attack where the bad guys check common words and phrases to try to guess your password. Some hackers will scour your social media accounts to find personal details that may play a role in your passwords.
Sent via email, text message, or phone call, the phishing attack is another popular scheme through which you’re tricked into revealing a sensitive password. And sometimes passwords are stolen through malware that infects your PC without your knowledge.
Based on the findings from Dojo’s analysis, the number and type of characters used in a password determine how quickly it can be hacked. Passwords with only lowercase characters are a popular but vulnerable pattern. Such a password with only six characters takes virtually zero seconds to crack. One with seven characters takes 0.12 seconds. And one with eight characters would take three seconds.
Even spicing up a password with an uppercase letter, a number, or a special character doesn’t help much if the password is short or follows a familiar pattern. Passwords with eight characters that start with an uppercase letter appeared more than 4.5 million times in data breaches. Those that ended with a special character were found more than 3.5 million times.
Certain subjects and topics also lend themselves to hackable passwords.
Among the themes analyzed by Dojo, nicknames and terms of endearment were used in passwords more than 1 million times. Names of TV show characters popped up more than 455,000 times, while TV show names appeared more than 365,000 times. Other popular topics found in the breached passwords included colors, fashion brands, cities, countries, movies, body parts, car brands, pet names, swear words, and video game characters.
Drilling down to some of the categories, the passwords “King,” “Rose,” “Love,” “Boo,” “Hero,” and “Angel” were the most popular ones among nicknames and terms of endearment. Common colors used as passwords were “Red,” “Blue,” “Black,” “Gold,” and “Green.” And those who like to use video game characters for their passwords went with such choices as “Joel” (from The Last of Us), “Q*Bert,” “Link” (from The Legend of Zelda), “Mario” (from Super Mario Bros), and “Ryu” (from Street Fighter).
Based on its analysis of the breached passwords, Dojo has cooked up a list of Do’s and Don’ts designed to help keep your passwords safer and more secure.
- Use a combination of lowercase and uppercase letters, numbers, and special characters to make your passwords more difficult to hack.
- Shoot for long passwords with at least 8 to 12 characters. The longer the password, the more time and effort required to guess it.
- Use multi-factor authentication. With MFA, even a hacker who obtains your password will be unable to sign into your account without that second form of authentication.
- Change your passwords. If you’re worried that a particular password has been compromised or caught in a breach, be sure to change it as soon as possible to safeguard your account.
- Use a password manager. Trying to create and remember a unique and complex password for every account is almost impossible without some help. A good password manager will handle the hard work for you, requiring you to just keep track of a single master password.
- Don’t use any personal information in your passwords. Hackers can often discover your name, date of birth, or the name of a pet through social media and other resources.
- Don’t use a common or obvious pattern of letters or numbers, such as 1234 or qwerty. Hackers typically try these types of patterns right off the bat.
- Don’t share your password with other people. If you do, make sure you change it afterwards.
- Don’t automatically save passwords to your browser, especially if other people are using your computer or mobile device.
- Don’t use the same password for multiple accounts. If such a password is ever compromised, the hacker could easily try it on other sites that you use.