By now, you’re probably familiar with common advice surrounding online passwords. Don’t use a sequence of numbers. Don’t use your name. Don’t reuse the same password for all of your accounts.
And yet, despite the stress on such tips by experts year after year, most people ignore them.
Some 81% of hacking-related data breaches stem from poor password security, according to Verizon’s 2017 data breach investigations report. And with the rise of remote work and learning in the wake of the pandemic, it’s a bad habit that needs to be squashed. That starts by knowing what not to do.
ID Agent, a dark web monitoring company owned by IT software company Kaseya, says it identified the most common stolen passwords found on the dark web in 2020 based on a scan of nearly 3 million passwords.
What’s the dark web, you ask? The dark web is a part of the deep web, an area of the internet that doesn’t get indexed and cannot be found by a search engine.
“The dark web can only be accessed through a specific browser that provides anonymity to its users,” said Mike Puglia, chief strategy officer for Kaseya. “Though not all content on the dark web is malicious, cybercriminals use the dark web for various illegal purposes, including the sale of stolen credentials.”
20 Most Common Passwords Found On The Dark Web
Based on the top 250 passwords they discovered on the dark web, ID Agent said the most common categories used to generate those passwords include sequential strings of numbers, names, sports references, famous people or characters, and more.
Fifty-nine percent of Americans use a person’s name or birthday in their passwords, while 33% include a pet’s name and 22% use their own name, the company said. The average user also reused their bad password 14 times.
Here’s a look at the top 20 passwords found on the dark web in 2020:
- 123456
- password
- 12345678
- 12341234
- 1asdasdasdasd
- Qwerty123
- Password1
- 123456789
- Qwerty1
- :12345678secret
- Abc123
- 111111
- stratfor
- lemonfish
- sunshine
- 123123123
- 1234567890
- Password123
- 123123
- 1234567
The analysis also identified the most common words used within various categories of passwords. For instance, it found that “maggie” was the most common name among the top 250 passwords on the dark web. Sports lovers like to include the word “baseball” most often in their passwords. “Newyork” was found the most often among cities that were used, and “cookie” was the most common food word.
How To Avoid Having Your Password Hacked
Worried your password is too similar to some of those mentioned above? In order to protect yourself against identity theft, data breaches and other fraud, it’s crucial to create passwords that can’t be guessed by cybercriminals. Here are a few ways to do that.
Don’t use names.
It might seem a bit obvious, but putting your name ― or the name of a close family member ― in your password makes it much easier for hackers to guess. In fact, at least 92 of the top 250 most common passwords found by ID Agent were first names or variations of first names. Instead, come up with a nonsensical phrase that only you would know.
Mix up your numbers.
Notice how many of the top passwords found on the dark web were some variation of “123?” Thirty-five of the top 250 most common passwords, including 12 of the top 20, contained sequential numbers. Don’t make it that easy for hackers. “Individuals should create passwords that include a combination of numbers, symbols, uppercase and lowercase letters that are non-sequential,” Puglia said.
Create a unique password for every account.
If you reuse the same password for every account, you make it that much easier for criminals to hit the jackpot if they figure out what it is. According to Puglia, about 39% of people say most of their passwords across both their work and home applications are identical. If you can’t think of that many unique passwords, password generators can help with that. Google Chrome has the function built in, or you can try tools such as passwordgenerators.net or LastPass.
Use a password manager.
Puglia said that the average U.S. adult has between 90 and 135 different applications that require a set of credentials. Clearly, no one could memorize that many. “The best way to keep track of numerous passwords is to use a secure password manager,” he said. These tools prevent you from storing passwords on your phone or tablet, a common habit that makes it easier for cybercriminals to get their hands on your credentials. Some options include LastPass, Keeper Security or 1Password.