February 2021 set a record for leaked credentials: 3.2 billion email address and cleartext password pairs were posted online in a single dump. That dump was named COMB, the Compilation of Many Breaches.
Hackers didn't stop there. In June 2021, the RockYou2021 list put another 8.4 billion password entries online.
These numbers are staggering. Between them, the two dumps hold 11.6 billion entries, more than two for every internet user in the world (roughly 4.7 billion people in 2021). Keep in mind that the two sets overlap heavily and each contains duplicates, so the number of distinct passwords is far lower, as the CyberNews figures below show.
This raises the question: how did hackers get these passwords, and how do you stop it from happening to you? Cracking passwords is easier than you might imagine, but so is protecting them.
In December 2021, CyberNews, a cybersecurity news site, analysed publicly leaked breach data to compile a list of the 10 most common passwords. The top entries are:
Furthermore, of the 15.2 billion passwords they combed through, only 2.2 billion were unique; the rest were repeats of passwords other people had already chosen.
So, what can you do to keep your passwords safe? Take a moment to look at this list of password do’s and don’ts.
- Change a password as soon as you have reason to think it is compromised: the service announces a breach, the password turns up in a leak such as COMB or RockYou2021, or you typed it into a site that looked wrong afterwards. Forced calendar rotation (every 60 to 90 days) is no longer recommended by NIST (SP 800-63B), because people answer it with predictable variants such as Summer2021 becoming Summer2022; a strong, unique password can stay in place until there is a reason to replace it.
- Don't reuse a password across services. This is probably the most important tip on the list. Most of us are guilty of it, and attackers count on it: credential stuffing takes the email/password pairs from dumps like COMB and replays them against other sites, so the password for your online Scrabble game can open your bank account.
- Use a password manager such as Bitwarden, LastPass or 1Password. It generates a different random password for every site and remembers them for you, which removes the temptation to reuse.
- Never use personal information. You might be shocked at how much an attacker can learn about you from your (or your kids') social media. A year in a password is usually a birth year or the year the password was set, and CyberNews found years among the most common password components, so avoid dates altogether.
- Avoid common words. We humans are more alike than we'd care to admit. CyberNews found that names, sports teams, foods, curse words, cities, seasons, months and years turn up far more often than chance would predict. Examples include:
- The Suns and the Heat
- Abu Dhabi
- Enable two-factor authentication. Prefer an authenticator app (Google Authenticator, Microsoft Authenticator or similar) over codes sent by text message, which can be intercepted by SIM swapping. These apps generate time-based one-time codes from a secret shared with the site when you enrol; each code is valid for 30 seconds. A hardware security key is stronger still, because its response is tied to the genuine site and cannot be phished.
- Remember: longer = stronger. Length does more for you than symbol substitution. Treat 12 characters of mixed upper- and lowercase letters, digits and symbols as the minimum, and consider a passphrase of several unrelated words, which is both longer and easier to remember. Swapping letters for look-alike symbols adds less than it seems, because cracking tools apply those same substitutions automatically (p@ssw0rd is tried right after password). Starting from a random phrase is a good idea; just don't shorten it on the way. "I<3p0ni3$fvR" is 12 characters where "iloveponiesforever" was 18, so keep the full phrase and add the capitals and symbols on top of it. And, as always, never include personal information.
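To make the longer = stronger point concrete, here is an added example (not code from the original article) of the rule-based dictionary attack a cracker actually runs. The wordlist and the rule set are constructed stand-ins for the multi-million-entry leak wordlists and rule files that tools such as hashcat use, so the guess counts are illustrative rather than measurements; the entropy arithmetic then compares a mangled dictionary word with longer random passwords and passphrases. The Diceware list size of 7776 words and the 95 printable ASCII characters are the standard figures; everything else is this example's own.

```python
"""Why length beats l33t substitutions: a miniature rule-based dictionary attack.

Added example; this is not code from the original article. The wordlist and
rule set below are constructed stand-ins for the leak-derived wordlists and
hashcat/John style rule files real crackers use, so guess counts are
illustrative, not measurements.
"""
import math

# Constructed toy wordlist standing in for a leak-derived list such as RockYou.
WORDLIST = ["password", "iloveyou", "princess", "sunshine", "football",
            "ponies", "forever", "dragon", "monkey", "letmein"]

# Substitutions every rule file already contains.
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def mangle(word):
    """Yield variants of one word in the order a rule-based attack would try them."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word + "123"
    yield word + "!"
    leet = "".join(LEET.get(c, c) for c in word)
    yield leet
    yield leet.capitalize()
    yield leet.capitalize() + "!"


def candidates(wordlist):
    """Every mangled variant of every word, in attack order."""
    for word in wordlist:
        yield from mangle(word)


def guesses_to_find(target, wordlist=WORDLIST):
    """Number of guesses the attack needs before it hits `target`; None if out of reach."""
    for n, cand in enumerate(candidates(wordlist), start=1):
        if cand == target:
            return n
    return None


def random_password_space(alphabet_size, length):
    """Guesses to exhaust every password of `length` characters drawn from `alphabet_size`."""
    return alphabet_size ** length


def passphrase_space(n_words, dict_size):
    """Guesses to exhaust every passphrase of `n_words` words drawn from a list of `dict_size`."""
    return dict_size ** n_words


def bits(guesses):
    """Search space expressed as bits of entropy."""
    return math.log2(guesses)


def summary():
    """Side-by-side comparison of mangled dictionary words and random passwords/passphrases."""
    return {
        "P@$$w0rd! found after guesses": guesses_to_find("P@$$w0rd!"),
        "football123 found after guesses": guesses_to_find("football123"),
        "8 random printable chars (bits)": round(bits(random_password_space(95, 8)), 1),
        "12 random printable chars (bits)": round(bits(random_password_space(95, 12)), 1),
        "4 Diceware words (bits)": round(bits(passphrase_space(4, 7776)), 1),
        "6 Diceware words (bits)": round(bits(passphrase_space(6, 7776)), 1),
    }


if __name__ == "__main__":
    for label, value in summary().items():
        print(f"{label}: {value}")
```

The comparison shows the trade the article is describing: a mangled dictionary word falls within a handful of guesses because the substitutions are part of the attacker's rule set, four random Diceware words are roughly as strong as eight fully random characters, and six words already exceed twelve random characters while being far easier to remember. The attack here is deliberately tiny; a real run applies tens of thousands of rules to tens of millions of words, which is why neither "P@$$w0rd!" nor "Sunsh1ne!" counts as complex.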
Update your passwords for a safer, happier New Year!