Passwords are STILL a problem!
December 3, 2024
I received an email from Facebook over the summer asking me if I had changed my password and phone number from Ho Chi Minh City. Ho Chi Minh City?! At the time I was in Paris working at the Olympics but have never been to Vietnam. By the time I saw the message and responded it was too late — Hijackers had taken over my account and despite trying countless options with Facebook and Meta I couldn’t recover it.
Kind of embarrassing for someone who has written and enforced password policies. Not to mention friends and family reaching out about my newest success with cryptocurrency based on the posts that were now on my Facebook account. I thought my password was pretty strong.
I posted a pretty scary article earlier this year involving breached security cameras. A California family’s Nest camera received a fake warning about a North Korean missile launch. In this case, the security lapse was traced back to the camera’s owner.
One of the most common mistakes people make is to reuse the same password on more than one device or service. If one manufacturer or service provider suffers a security breach that exposes usernames and passwords, hackers will try and use those stolen credentials to gain access to other devices and service accounts.
It is recommended to use a complex password for the device as well as any associated applications or services. The password should either be a random nonsensical phrase or have a long string of characters (both lowercase and uppercase), numbers, and symbols. Yet, year after year, millions of people continue to rely on weak, easy-to-crack options. NordPass, a password manager, recently released its annual list of the most common and insecure passwords, and the results are both predictable and baffling.
NordPasshas been analyzing leaked password datasets for six years, compiling lists based on data exposed in malware breaches and leaks. This year, their research includes not just personal credentials but also corporate passwords. The dataset spans 44 countries, offering fascinating insights into how password trends differ worldwide.
The Global Picture
Unsurprisingly, the most common password across the 44 countries analyzed remains the infamous “123456.” Here’s the overall top 20 list:
- 123456
- 123456789
- 12345678
- password
- qwerty123
- qwerty1
- 111111
- 12345
- secret
- 123123
- 1234567890
- 000000
- 1234567
- abc123
- password1
- iloveyou
- dragon
- 11111111
- sunshine
- baseball
Country-Specific Trends
Passwords vary by country, reflecting cultural influences and habits:
- In the US, “secret” takes the top spot, followed by “123456” and “password.”
- Canada’s most common password is “qwerty123,” along with “hockey” and “canada.”
- In Mexico, “123456” leads, with “pokemon” and “alejandro” close behind.
Odd Choices and Corporate Passwords
Some entries are truly puzzling. For instance, in Canada, “9–11–1961” ranks eighth, though its significance remains unclear. Similarly, in US corporate data, “aaron431” is fifth — a potential default password from a specific breached company skewing the data.
Why Do People Still Use Weak Passwords?
Despite countless warnings, weak passwords persist due to convenience and poor password management habits. Lists like these highlight the importance of using unique, strong passwords and password managers to protect personal and corporate accounts. Unless you don’t mind having an experience like the California couple above. Or worse. If you think of all the passwords you use besides the ones for your smart home devices — healthcare, banking, email — there could be catastrophic results. The Facebook hijacking forced me to review my passwords and make some significant changes. Which, by the way, was one of my own password policies — regularly review passwords and their complexity.
Let Debbie and I know if you recognize — or are embarrassed to admit to using — any passwords from the list. Also share any other comments, DMs and emails as we really enjoy hearing from you. Thanks again to all those following Debbie and I through our home building journey. It’s great to hear your success stories and suggestions as we move through the process. And if you like the content I’m posting each week, don’t forget to ‘Like’ and ‘Follow.’
In full disclosure, I’m not an affiliate marketer with links to any online retailer on my website. When people read what I’ve written about a particular product and then click on those links and buy something from the retailer, I earn nothing from the retailer. The links are strictly a convenience for my readers.
