It’s hard to find anything good to say about passwords, truth be told. You either hate them or you hate them. While the push for a more secure alternative in passkeys is ongoing, most of us are stuck with password protection for most of our accounts right now. Which is a problem, given high-speed brute-force password attacks on Microsoft users, poor router password security issues, 2FA bypass attacks and sign-in-with-Google hacking tactics being exploited. All of this makes using a strong and secure password a must, something people on this recently published list are most certainly not doing. Here’s what you need to know and the passwords you need to change right now.
Change Your Password Now If It’s On This List
Security researchers from anyIP, a mobile proxy service, have analyzed the results of research undertaken by NordVPN, which revealed the worst 200 passwords being used across 2024. I’m not keen on the old chestnut of “this password can be cracked in less than a second” hacking speeds when it comes to password security or strength, because those measurements are arbitrary at best and dangerously ingenuous at worst. Even so, there’s no denying that the resulting top ten of “most hackable passwords” is one any user who cares about their account security should be steering very clear of.
The anyIP researchers found that, sadly, all too believably, “password” was the most used of these intolerably weak and useless passwords. The rest of the list wasn’t any more comforting to a veteran cybersecurity professional who has been spreading the word about the importance of secure password usage for three decades, either. In the number two spot was the keyboard-crawler of qwerty123, followed by qwerty1 and 123456. Being a U.K.-specific list, this included place names and sports teams specific to Britain, but any geographic region would see a similar weak password pattern emerge; just replace those cities and teams with your own.
“These findings highlight the alarming prevalence of predictable and easily hackable passwords,” Khaled Bentoumi, co-founder of anyIP, said. “Hackers are increasingly using sophisticated tools to breach accounts in seconds, and relying on weak passwords is akin to leaving your front door unlocked.” Bentoumi is not wrong; the idea that convenience still trumps security for many users reflects poorly upon the cybersecurity industry for not doing better and on commentators such as myself for not getting the poor security message across more successfully.
What Users Need To Do Now To Mitigate Password Hacking Risk
As mentioned, moving to a passkey-based login process is recommended wherever it is available. You can try a simple passkey demo at Passkeys.io and see just how painless they are to use and create. The takeaway from the technology perspective is that, although nothing is 100% secure, passkeys are all but impossible for hackers to guess or intercept. They aren’t shared during the sign-in process, and the keys are randomly generated to begin with.
There’s a clue here to making your passwords more secure: randomly generate them using a password manager to ensure strength, complexity and uniqueness. Never reuse your passwords either, although if it’s something like password or qwerty123 that would be the least of your problems.
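As an added illustration of that advice (not code from the article, anyIP or NordVPN), the Python sketch below generates a random password from the operating system's secure random source and rejects any candidate that reduces to one of the four weak passwords named above or is mostly a keyboard walk. The function names, the substitution map and the 50% walk threshold are assumptions made for this example.

```python
import secrets
import string

# The four weak passwords the article names; a production deny list is far longer.
ARTICLE_WEAK = {"password", "qwerty123", "qwerty1", "123456"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
LEET = str.maketrans("@$0!13", "asoile")  # assumed common substitutions
AFFIX = string.digits + string.punctuation
ALPHABET = string.ascii_letters + AFFIX


def walk_coverage(pw):
    """Fraction of characters sitting in left-to-right keyboard runs of 4+ keys."""
    low, covered, i = pw.lower(), 0, 0
    while i < len(low):
        j = i + 1
        while j < len(low) and any(low[j - 1:j + 1] in row for row in KEYBOARD_ROWS):
            j += 1
        if j - i >= 4:
            covered += j - i
        i = j
    return covered / len(low) if low else 0.0


def weak_reason(pw):
    """Return why pw is weak, or None if it passes these two checks."""
    low = pw.lower()
    forms = (low, low.strip(AFFIX), low.translate(LEET).strip(AFFIX))
    if any(form in ARTICLE_WEAK for form in forms):
        return "variant of a listed weak password"
    if walk_coverage(pw) >= 0.5:  # assumed threshold
        return "mostly a keyboard walk"
    return None


def generate(length=20):
    """Draw from the OS CSPRNG; retry in the unlikely case a draw looks weak."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if weak_reason(pw) is None:
            return pw


if __name__ == "__main__":
    for sample in ("Password1!", "P@ssw0rd", "qwerty1", "asdfgh"):  # constructed inputs
        print(sample, "->", weak_reason(sample))
    print("generated:", generate())
```

Passing both checks does not make a password unique; a password manager still has to store a separate generated value for each account.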