Passwords are often the simplest method of protecting data, but they are also the most vulnerable to cyberattacks. This World Password Day, see below for password security tips and resources including a list of worst passwords of 2021.

Password security tips

Create passphrases

The FBI recommends using passphrases in place of passwords. Your passphrase could include the lyrics of a song, a quote, a statement, or another set of words that are related. Secure the passphrase by adding symbols and numbers, mixing up the words, and including both upper and lowercase letters.

Save your passphrases to a password manager

Passwords for every account and every et up a password manager to store your passwords. You can also use your password manager to generate long, unique passwords for you every time you sign up for an account.

Review your passwords

Do you use the same password/passphrase for more than one account or device? Are your passwords strong? Review your passwords and create new ones as necessary to ensure you have a secure login for all your accounts and devices.

Enable MFA

Multi-factor authentication (MFA) verifies your identity when logging into one of your accounts and adds an extra layer of protection, even if your password is hijacked.

Users must provide two out of three types of authentication in these categories:

Something you know – Passwords or pre-planned responses fall under this category.

Something you have – This could include a smart card, key, or message sent to the user with a PIN.

Something you are – Authentication could include fingerprint scans, facial recognition, or other biometric identification.

Enabling MFA is well worth the few seconds it takes to log in since people who use MFA are at a 99% lower risk of being hacked.

 

Password security resources

Creating, updating and managing all your passwords for all your accounts and all your devices is a big undertaking. View the resources below for faster methods of checking your password’s security, supplementing your passwords, and learning about what types of passwords to avoid.

Password strength checkup

If you want to check the strength of your passwords but aren’t sure where to start, consider entering them into a secure password checker. LastPass’s password checker will indicate the security of your password and provide tips for a stronger password. Kaspersky’s password checker will also tell you if your password can be found in databases of leaked passwords.

Supplementing passwords

Looking for deeper protection than secure passwords can offer? View the Cybersecurity & Infrastructure Security Agency’s “Supplementing Passwords” Security Tip.

Worst passwords of 2021

NordPass compiled a list of most common passwords of 2021 in partnership with a third-party company specializing in data breach research. A four-terabyte database was analyzed to determine the 200 most common passwords of 2021. See below for common themes from the list. 

Numbers

Numerical passwords are often selected when users are in a hurry and do not want to take the time to create a secure password. The worst password in this list was “123456,” which was used by approximately 2.5 million people and required less than a second to hack. The second-worst password was an extension on the first, “123456789.” Other commonly used passwords ranking in the top 10 for most commonly used were “11111” and “123123.”

Sports

If you are a sports fan, you may have more in common with other sports enthusiasts than the game. Unfortunately, passwords with no more than the name of a favorite sport spelled out in lowercase are increasingly common, compared to the number of users for sports passwords from 2020. “Football” was a password for 1.5 million users in 2021, and ranked #60 in the worst passwords list. “Baseball” was used by more than one million people and would take a hacker less than a second to breach.

Names

Is your password comprised of the name of a family member? Common names for passwords are Michael, Daniel, Ashley, Charlie, and Jessica, which can all be hacked in two minutes or less. Don’t let a first name be all that stands between a hacker and your online security.

Letters

Avoiding passwords such as “1password” and “thisisapassword,” is a no-brainer, but don’t assume passwords with supposedly random letters are safe. Letter-only passwords that were used by millions of people last year include “qwertyuiop” (#18 out of 200 most commonly used passwords), “qwertyuiop,” and “asdasd.” The origin of these passwords are clearly from lines on the keyboard.

View the full  2021 “Top 200 Most Common Passwords” list by NordPass: nordpass.com/most-common-passwords-list

Quanterion offers assistance with managing user identities, and can help your organization determine the required level of protection for your system(s) and data. Risk assessments, compliance framework support, and assistance with security policies are examples of other cybersecurity services Quanterion can provide customized to your organization’s needs.

Learn more about Quanterion’s commercial cybersecurity solutions.

Find Quanterion on social media to access password security tips, resources, and more.