# Are your passwords easy for hackers to guess ?



## hollydolly (Nov 14, 2022)

*The company NordPass has released its annual Most Common Passwords report*
*'123456' and 'password' are still among the most popular passwords in the UK*
*'Guest', 'liverpool', 'qwerty', 'arsenal', 'chocolate' and 'monkey' also make the list*
*83 per cent of passwords in this year's list can be cracked in less than a second*

When it comes to setting our passwords, it appears many of us still don't take security that seriously.

That's because new research reveals that phrases including '123456', 'qwerty' and 'password' are still among the most popular around the world.

In the UK, 'password' has overtaken '123456' as the most used password this year, according to NordPass.


For the first time, NordPass also analysed how pop culture trends influence our password choices.

Among the other most common passwords in the UK are 'guest', 'liverpool', 'qwerty', 'arsenal', '123456789', 'chocolate' and 'monkey'. 

They may sound simple to remember, but the concern is how easy they are to hack.

Around 83 per cent of the passwords in this year's list can be cracked in less than a second, the research shows.

They include 'passw0rd', which is slightly less common than 'password' but no more secure.

Among women in Britain, 'charlie', 'tigger' and 'sunshine' were the most common, as well as 'password', 'qwerty' and '123456'.

Men, however, were more likely to have the likes of 'liverpool', 'arsenal' and 'chelsea' as their passwords, in reference to their favourite football team.

Using a name to secure accounts also remains a common practice of internet users.

In the UK, Charlie, Thomas, Jasper, George, and Jessica were top names used as passwords this year, while the world's most-used people names for password creation were Daniel, Thomas, Jordan, Michael, Marina, and Jessica.

Pre-configured passwords such as 'welcome' and 'guest' are also commonly used to secure accounts.

THE MOST COMMON PASSWORDS IN THE UK
1. password
2. 123456
3. guest
4. liverpool
5. qwerty
6. arsenal
7. 123456789
8. password1
9. 12345
10. 12345678
11. chelsea
12. charlie
13. abc123
14. liverpool1
15. Parola12
16. football
17. monkey
18. chocolate
19. yuantuo2012
20. letmein


----------
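The article quoted in the opening post notes that 'passw0rd' is no more secure than 'password'. As an added example (not part of any post in this thread), here is a sign-up check that rejects variants of the 20 listed passwords; the look-alike table `LEET` and the `TRAILING` character set are assumptions made for illustration.

```python
# Added example: reject passwords that are variants of the 20 listed above.
# COMMON_UK is copied from the list in the opening post; LEET and TRAILING
# are assumptions chosen for illustration, not taken from the thread.

COMMON_UK = [
    "password", "123456", "guest", "liverpool", "qwerty", "arsenal",
    "123456789", "password1", "12345", "12345678", "chelsea", "charlie",
    "abc123", "liverpool1", "Parola12", "football", "monkey", "chocolate",
    "yuantuo2012", "letmein",
]

# Look-alike substitutions people use to "strengthen" a word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
# Characters commonly appended to satisfy a "digit/symbol" rule.
TRAILING = "0123456789!@#$%*."


def _keys(pw):
    """Normalised forms of pw, most literal first (order keeps results stable)."""
    low = pw.lower()
    base = low.rstrip(TRAILING) or low  # all-digit passwords keep their digits
    return [low, base, low.translate(LEET), base.translate(LEET)]


# Map every normalised form back to the first listed password that produced it.
DENY = {}
for entry in COMMON_UK:
    for key in _keys(entry):
        DENY.setdefault(key, entry)


def match_common(candidate):
    """Return the listed password that candidate is a variant of, else None."""
    for key in _keys(candidate):
        if key in DENY:
            return DENY[key]
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["passw0rd", "Liverpool2022", "Ch0c0late!", "123456",
               "vT9#kqLw2m&Zx4rP"]:
        hit = match_common(pw)
        print(f"{pw!r:22} -> {'variant of ' + repr(hit) if hit else 'not on list'}")
```

Passing this check only means a password is not a simple variant of a listed one; it is not a measure of strength.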



## -Oy- (Nov 14, 2022)

Mine is a mix of upper case, lower case, numbers and symbols. I have variations of it for different sites.


----------



## hollydolly (Nov 14, 2022)

-Oy- said:


> Mine is a mix of upper case, lower case, numbers and symbols. I have variations of it for different sites.


yes mine too.. happy to say that mine isn't on those lists..


----------



## katlupe (Nov 14, 2022)

-Oy- said:


> Mine is a mix of upper case, lower case, numbers and symbols. I have variations of it for different sites.


That is what I do too.


----------



## Alligatorob (Nov 14, 2022)

hollydolly said:


> Are your passwords easy for hackers to guess ?


Probably


hollydolly said:


> THE MOST COMMON PASSWORDS IN THE UK


Well, I haven't used all of those... yet.

I probably do need to do a good password house cleaning.


----------



## Gary O' (Nov 14, 2022)

hollydolly said:


> In the UK, 'password' has overtaken '123456' as the most used password this year, according to NordPass.


Soooooo, I'm not alone on this?


----------



## David777 (Nov 14, 2022)

Passwords for some Internet or computer devices are of trivial concern while others very much not.  For instance, one's home Internet firewall password to the outside public to all one's devices inside is especially important to be strong.  As someone working in computer engineering for many years, it is ridiculous how stupidly many create passwords that reflects the low creative intelligence and wisdom of so many.  Of course we occasionally read in the news where even tech admin people that ought to know better used some simple dumb word letting in ransomware hackers.  Likewise all those that continually need to rely on password recovery processes that are security disasters waiting to happen.  I personally have had an easy system creating many strong passwords I can recall from memory for years, but am sure not going to advertise what that is on a public web site.


----------



## Murrmurr (Nov 14, 2022)

My older passwords were probably EZ. For several years now I always choose computer generated passwords, impossible to memorize, so I keep the ones I care about in a "little black book". I don't save my passwords on my computer except for websites that I use every day or where I've set up auto-payments.


----------



## Murrmurr (Nov 14, 2022)

Dumb passwords is why some websites offer that "two-auth" verification. I hate those....hate that extra step just to read an email or two. I always click "Remind me later" on those offers.


----------



## Purwell (Nov 14, 2022)

Another thing to be wary of are those innocent looking questions on social media.

Who was your favourite teacher?
First pet's name?
Where were you born? etc.

These are all security questions.


----------



## Gary O' (Nov 14, 2022)

Purwell said:


> Another thing to be wary of are those innocent looking questions on social media.
> 
> Who was your favourite teacher?
> First pet's name?
> ...


Excellent point


----------



## Chet (Nov 14, 2022)

I wrote a program in QBASIC that generated a random password of upper or lower case letters and numbers. It looped through all of the upper and lower case letters and numbers 0 through 9 until I pressed the space bar which then printed the last one. I would do ten of them and add some word at the end. It all goes into the black book.


----------



## Aneeda72 (Nov 14, 2022)

Nope


----------



## Chet (Nov 14, 2022)

David777 said:


> Passwords for some Internet or computer devices are of trivial concern while others very much not.  For instance, *one's home Internet firewall password* to the outside public to all one's devices inside is especially important to be strong.  As someone working in computer engineering for many years, it is ridiculous how stupidly many create passwords that reflects the low creative intelligence and wisdom of so many.  Of course we occasionally read in the news where even tech admin people that ought to know better used some simple dumb word letting in ransomware hackers.  Likewise all those that continually need to rely on password recovery processes that are security disasters waiting to happen.  I personally have had an easy system creating many strong passwords I can recall from memory for years, but am sure not going to advertise what that is on a public web site.


I did not know there was one. Tell us more please.


----------



## Nathan (Nov 14, 2022)

Murrmurr said:


> Dumb passwords is why some websites offer that "two-auth" verification. I hate those....hate that extra step just to read an email or two. I always click "Remind me later" on those offers.


Agreed, it's annoying but 2FA does take security to a much safer level.


> Are your passwords easy for hackers to guess ?


No.  But if someone has physical access to your computer, they own it.  
For retail or financial websites all a hacker has to do is steal that website's database, and all the "difficult" passwords in the world won't do you any good, as they are likely stored in PLAIN TEXT, and not encrypted.


----------



## rasmusjc (Nov 14, 2022)

I have a whole file of computer generated passwords that I circulate on my accounts, and it mostly does not include common combinations of letters making common words.  Strangely enough, even though I've been putting in special characters for years, suddenly a lot of sites are banning special characters.  I wonder why?


----------



## bowmore (Nov 14, 2022)

When I was working I needed access to a number of customer websites. The problem was they all wanted me to change my passwords every 6 months. I came up with a clever way to do it.
I have a book by Michael Jackson listing all the single malt distilleries in Scotland. I started with Abelour12 and worked my way through.


----------



## Nathan (Nov 14, 2022)

rasmusjc said:


> I have a whole file of computer generated passwords that I circulate on my accounts, and it mostly does not include common combinations of letters making common words.  Strangely enough, even though I've been putting in *special characters* for years, suddenly a lot of sites are banning special characters.  I wonder why?


That is peculiar, the only thing I can think of is that symbols such as "%", "@", "^", "#" or "{ }" get confused either at the website login, or in storing to the database.


----------



## rasmusjc (Nov 14, 2022)

Nathan said:


> That is peculiar, the only thing I can think of is that symbols such as "%", "@", "^", "#" or "{ }" get confused either at the website login, or in storing to the database.


Would you believe '!' is especially banned?  I found that out on some sites.


----------



## Nathan (Nov 14, 2022)

rasmusjc said:


> Would you believe '!' is especially banned?  I found that out on some sites.


Don't tell anyone, but I was able to use the "!" in my gmail account password.


----------



## iksentrik (Nov 14, 2022)

Nathan said:


> Don't tell anyone, but I was able to use the "!" in my gmail account password.


The only site that hasn't let me use special characters is my banking site, go figure.


----------



## Nathan (Nov 14, 2022)

iksentrik said:


> The only site that hasn't let me use special characters is my banking site, go figure.


I'm sure there's an explanation for that somewhere...in the deep, dark recesses of some web-design / code creature.


----------



## Purwell (Nov 14, 2022)

I think they vary on different keyboards.


----------



## Georgiagranny (Nov 14, 2022)

Newsflash! Hackers don't "guess" your passwords. They have their methods for getting passwords but guessing isn't one of them.

Make your passwords with no rhyme or reason and incorporate symbols, upper and lower case letters, within the "words".

This info on good authority. DS is a cyber security expert, complete with credentials.


----------



## Blessed (Nov 14, 2022)

It makes me think back to my working days.  Remember that old timey thing called a rolodex.  We never saved a password on a website.  We all had a rolodex.  We changed passwords every 3 months.  That information was never shared by email.  New passwords were shared at a quarterly meeting to staff.  Keep in mind there were only 5 or 6 of us.  We worked with so many vendors that things had to be kept safe.  I was in the printing business.

A lot of what we worked on was printing of checks for large corporations, government offices both in and out of state, voter registrations for various counties, jury summons for special trials.  When you have access to that kind of information you must be diligent in protecting information.  The companies I worked for were also diligent in checking all information/references in all employees that were hired.

I really enjoyed my work and took great pride in helping our clients avoid fraud of any kind.
There is a lot to be said of people who enjoy their jobs and want to do the right thing, even if it causes a problem that has to be solved. That happened many times, but in the end the client was protected. If they did not take the necessary steps, we would not accept the job.


----------



## Lewkat (Nov 14, 2022)

I don't think so.


----------



## Sassycakes (Nov 14, 2022)

*I use a different password for every site. I write them down in a notebook so I can remember all of them. I use a mix of capital letters, regular letters, and symbols + numbers.*


----------



## ManjaroKDE (Nov 14, 2022)

Worked at a defense plant for 35 years in IT.   It was supposedly a security violation if you had your passwords written down and on your person.  Never heard of anyone getting in trouble because of it though.  Probably an 'urban legend' that was circulated in IT.  A few years back my grandson showed me a way to remember them using upper/lower case, special characters and numbers.   Still use the method & usually change them every 90 days.


----------



## Muskrat (Nov 14, 2022)

I suppose my theory that my passwords are safe as long as no one has an interest in hacking me would not fly here. But that is what I believe. I also believe that should a good hacker be intent upon hacking me my changing my password would not save me.


----------



## Lavinia (Nov 14, 2022)

I use phrases which are personal to me...such as 'mum2three'. The one I use on this site is one of my many addresses. Hopefully that makes them a little harder to guess, unless you know me.


----------



## Ruthanne (Nov 14, 2022)

I hope not.  I have changed many to make them much harder to guess.  I copy them into a journal style book.


----------



## ManjaroKDE (Nov 15, 2022)

Muskrat said:


> I suppose my theory that my passwords are safe as long as no one has an interest in hacking me would not fly here. But that is what I believe. I also believe that should a good hacker be intent upon hacking me my changing my password would not save me.


Thieves in general do not like to ply their trade at a well-lit, shrubbery-free, dog-presence domicile.  That's what casing accomplishes.  The easier the mark's security is the better.  Using the general rules for passwords might deter/delay the crook, they will move onto greener pastures or so you hope.


----------



## Nathan (Nov 15, 2022)

Muskrat said:


> I suppose my theory that my passwords are safe as long as no one has an interest in hacking me would not fly here. But that is what I believe. I also believe that should a good hacker be intent upon hacking me my changing my password would not save me.


When I was working the "change password every x months" PIA ritual was mandatory.    I've always felt that good safety practices were more effective than changing passwords.    People would share their workstations with other employees- how dumb!   Of course there's that little 'sticky' note attached to the lower corner of the monitor with...the password!     One of the most common network breach tools is the cutesy email with a clickable link, that hordes of workers would forward to each other.

But yea, changing passwords periodically is a good preemptive practice, like washing your hands after being in public, or before handling food.


----------



## Timewise 60+ (Nov 15, 2022)

Nope, and I give no hints here...I also change them frequently!


----------



## mike4lorie (Nov 15, 2022)

-Oy- said:


> Mine is a mix of upper case, lower case, numbers and symbols. I have variations of it for different sites.


Yes, I try to use 15 - 20 characters in all my passwords... The problem is, now I have a book full of them... it can be a real pain...


----------



## JustBonee (Nov 15, 2022)

Timewise 60+ said:


> Nope, and I give no hints here...I also change them frequently!



Most of mine don't even make any sense to me ...  so guessing  what they are would be out of the question.  
Like Mike,  I have to keep a book of   all my passwords.  I could never remember most of them.


----------



## hollydolly (Nov 15, 2022)

JustBonee said:


> Most of mine don't even make any sense to me ...  so guessing  what they are would be out of the question.
> Like Mike,  I have to keep a book of   all my passwords.  I could never remember most of them.


remember Bonnie.. it's not a person trying to figure them out it's a high tech computer  along with many other ways ...

https://www.itpro.co.uk/security/34616/the-top-password-cracking-techniques-used-by-hackers


----------



## sch404 (Nov 15, 2022)

Since forever I've used a free, open source password vault called KeyPass. All of my passwords are generated electronically, randomly and stored in the KeyPass vault. I don't even know what my passwords are. If an armed person broke into my home, threatened my life and asked for the password for, say, my bank, I would simply tell him/her in all honesty "I don't know." I literally have hundreds of accounts with passwords. I've never been hacked. Never lost a password. My KeyPass vault has a random password that is not written down anywhere. It's only in my brain.


----------



## Jules (Nov 15, 2022)

That was a good article @hollydolly.


----------



## Chet (Nov 16, 2022)

In actuality, I don't have any sensitive information on my computer so if someone were to guess a password they would find nothing of interest.


----------



## ManjaroKDE (Nov 16, 2022)

Delete, useless idiom.


----------



## JaniceM (Nov 16, 2022)

-Oy- said:


> Mine is a mix of upper case, lower case, numbers and symbols. I have variations of it for different sites.


Same with me.


----------



## OneEyedDiva (Dec 26, 2022)

Not in the least. I have a coded system that only my son and oldest grandson know how to decipher. I also use a combination of lower and uppercase letters, numbers and if possible..symbols.  Many sites now prompt users to use all of those and show if your password is strong or not. I use a different password for every account and believe me I have many. I have two factor identification on certain Google accounts, all my financial institutions and personal medical portals.

I used to get on my husband all the time because his were too easy to guess. And I have a cousin who used "password" as her password.  She's a doctor too! I sure hope she changed that.


----------



## OneEyedDiva (Dec 26, 2022)

Nathan said:


> That is peculiar, the only thing I can think of is that symbols such as "%", "@", "^", "#" or "{ }" get confused either at the website login, or in storing to the database.


I've been able to use @ # and $. I have one or two sites that don't accept the use of symbols.


----------



## StarSong (Dec 26, 2022)

sch404 said:


> Since forever I've used a free, open source password vault called KeyPass. All of my passwords are generated electronically, randomly and stored in the KeyPass vault. I don't even know what my passwords are. If an armed person broke into my home, threatened my life and asked for the password for, say, my bank, I would simply tell him/her in all honesty "I don't know." I literally have hundreds of accounts with passwords. I've never been hacked. Never lost a password. My KeyPass vault has a random password that is not written down anywhere. It's only in my brain.


Similar situation here.  The PW needed to get into my vault is very long, extremely complicated, and requires 2 factor authentication.  The passwords it generates are complete gibberish.


----------



## timoc (Dec 26, 2022)

The best bet is to make them really, really hard..... like ABC123.


----------

