A password, sometimes called a passcode, is secret data, typically a string of characters, usually used to confirm a user’s identity. Recent research by payment firm Dojo has highlighted the vulnerability of popular passwords, emphasising the need for immediate action. Most online platforms require their users to log in with a password, and the variety of online engagement could make users resort to simple passwords commonly used across different platforms.
Dojo says that its study found that over 1.5 million passwords were 8 characters or less, with terms of endearment, such as “iloveyou”, “princess”, and “sunshine”, being the most common password category. Dojo warns that passwords that consist solely of lowercase letters or numbers and are less than 8 characters long are highly vulnerable. For instance, passwords like "purple", "letmein", or "202201" can be guessed in under a second. In contrast, a password like "wednesday1" takes over 2,000 seconds to crack.
They equally found passwords that start with the username and end with numerical numbers like “123” or “890”. Also, keyboard row keys like “qwerty” or “poiuyt” are found largely used as passwords. Longer vulnerable passwords like “1234567890” or “abc123def” and even the word “password” were seen used by users across several platforms.
Dojo warns against using the same password for both work and personal accounts as it increases the likelihood of being targeted. Surprisingly, 51% of people employ identical passwords across different accounts. Hackers exploit this pattern and gain easy access to data. The study identified 365,174 passwords with all lowercase letters and an average length of eight characters, making them susceptible to hacking within three seconds.
In addition, Dojo revealed common password choices of people, such as nicknames, favourite TV shows, clubs, idols, colours, and fashion brands. These easily guessable terms are among the most hackable choices worldwide.
To defend against hackers effectively, ensure your passwords are a minimum of 8-12 characters long and include a combination of special characters, numbers, and capital letters. For example, "Mirr0r!_5912" is significantly more challenging to crack than simply using the word "mirror". More tips on how to create a password that can’t be quickly cracked by an AI “password guesser”.
Set up MFA whenever possible. This additional layer of security requires more than just a password to access your accounts. Also, consider using a reputable hide VPN and password manager to generate unique, strong passwords. This eliminates the need to remember complex passwords and reduces the risk of using personal information that could be easily accessed online.