
The most used passwords of 2022 are terribly weak

The list of the most used passwords of 2022 that NordPass has just published confirms that the majority of users continue to break the basic rules for creating and maintaining them.

There is no way around it. Although it must be recognized that passwords are an unattractive security method for the user, they are still the preferred authentication method for accessing Internet services or logging in to operating systems, applications, games and all types of machines.

And we do not seem to be aware of this, judging by the list prepared by the company, which specializes in password managers. The list is compiled by analyzing the large data breaches that occur each year in attacks on massive services. The result, as you will see, is not good.

The most used passwords of 2022

The list of the worst, most used passwords is unfortunate: it repeats year after year and confirms that we are easy prey for cybercriminals, who do not even have to employ advanced hacking methods.

Most of the most used are old acquaintances such as “123456”, “111111”, “qwerty” or “password”, which take less than a second to crack with a command that tries the most common ones. And not even that is needed, because simply trying them by hand would give access to the accounts. The worldwide list speaks for itself:

Looking at Spain in particular, the same breach of the basic rules is repeated as in the rest of the world, and the usual numeric passwords abound:

How to create strong passwords

We make it very easy for cybercriminals. Users are by nature “lazy” or careless, despite how much is at stake when we expose a digital life that encompasses both professional and personal matters. And financial ones, the most sought after for obvious reasons.

The recommendation is the usual one. We must make an effort to create passwords following the basic rules included in any cybersecurity manual, which indicate what to do and what not to do when creating and using them. Here they are again:

  • Do not use typical words or common numbers.
  • Do not use personal names, pet names or dates of birth.
  • Combine upper and lower case.
  • Combine numbers with letters.
  • Add special characters.
  • Lengthen the password, using the largest number of characters possible.
  • Do not use the same password on all sites.
  • Especially, use specific passwords and the strongest possible for banking and online shopping sites where we expose our financial information.
  • Keep the password safe from any third party.
  • Never reveal the password to anyone, not even in supposedly official requests that arrive by email or messaging services, since these are usually phishing attacks based on impersonation.
  • Vary the username and email.
  • Reinforce passwords with functions such as two-factor authentication (2FA) or biometric systems (fingerprint sensors or facial recognition) whenever they are available.
  • Clean up online accounts that you no longer use as a regular maintenance task.
  • Check whether your passwords have been compromised. Have I Been Pwned is a good place to look.
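
One way a sign-up or password-change form could enforce the rules above together with the breach check, as an added example that is not part of the original article. The function names, the 12-character minimum and the sample response are assumptions; the lookup follows the Pwned Passwords range format (only the first five SHA-1 hex characters are sent, `SUFFIX:COUNT` lines come back), with the network call replaced by a constructed response so the code runs offline.

```python
import hashlib
import string

# Constructed deny-list: the most-used passwords the article names.
COMMON = {"123456", "111111", "qwerty", "password"}

def rule_failures(password, min_length=12):
    """Return which of the article's creation rules the password breaks.
    min_length=12 is an assumption; the article gives no number."""
    checks = [
        ("common password", password.lower() not in COMMON),
        ("too short", len(password) >= min_length),
        ("no upper and lower case mix",
         any(c.islower() for c in password) and any(c.isupper() for c in password)),
        ("no letter and number mix",
         any(c.isalpha() for c in password) and any(c.isdigit() for c in password)),
        ("no special character", any(c in string.punctuation for c in password)),
    ]
    return [name for name, passed in checks if not passed]

def sha1_split(password):
    """Upper-case SHA-1 hex digest split into the 5-character prefix that is
    sent to the range lookup and the 35-character suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Find the local suffix in a range response ('SUFFIX:COUNT' per line)."""
    suffix = sha1_split(password)[1]
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_range_body():
    """Constructed stand-in for a range response; the counts are made up."""
    return "\r\n".join([sha1_split("password")[1] + ":1000", "0" * 35 + ":3"])

if __name__ == "__main__":
    body = constructed_range_body()
    for candidate in ("123456", "password", "Tr4il-Mix&Lantern7"):
        print(candidate, rule_failures(candidate), breach_count(candidate, body))
```

A password is worth accepting only when `rule_failures` returns an empty list and `breach_count` returns 0.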

Password managers

It is almost impossible for a human Internet user to safely manage the credentials for the hundreds of accounts we have surely signed up for. There is a group of applications that are very helpful here. Basically, this type of software reduces human error in password management, since it automates the process of generating passwords and accessing websites and services.

Of course, the passwords created by these managers are highly secure, meeting the usual standards for size and complexity. They also help against phishing attacks by immediately identifying characters from other alphabets, and they add a huge benefit: we only need to remember a master password and the manager will do the rest.

Applications like the renowned LastPass and other commercial and/or paid ones surely sound familiar to you, but in our practical section we once proposed these five totally free open source solutions, which our users liked a lot. The great advantage of open source managers is the possibility of auditing the software and keeping the credentials under your control by installing and self-hosting them on your own machine. We remind you of the most interesting:

KeePass. It is the ‘granddaddy’ among open source password managers and has been around since the days of Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in a wide variety of formats.

Bitwarden. Especially intended for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while Android and iOS have their respective mobile apps. Bitwarden can share passwords and has secure access with multi-factor authentication and audit logs.

Passbolt. A self-hosted password manager designed specifically for work teams. It integrates with online collaboration tools such as browsers, email, or chat clients. You can self-host the program on your own servers to maintain complete control of the data, although teams with no experience or infrastructure can use a cloud version that hosts the data on the company's servers.

Psono. Psono is another option for teams looking for open source enterprise password management software. This is a self-hosted solution that offers a beautiful web-based client written in Python, with source code available under the Apache 2.0 license.

Teampass. A team-oriented manager with a basic offline mode that we like, in which it exports your items to an encrypted file that can be used in locations without an internet connection. Teampass isn’t the prettiest app in the world, but the design is terrific and you can quickly define roles, user privileges, and folder access.

Managers in browsers

If you don’t want to use third-party managers, another option is to use the password managers built into the browsers themselves. Chrome, the leader in the segment, has improved its operation and capacity considerably in the latest versions, including functions offered by the specialized managers above, such as the detection of compromised passwords, a warning when you create a weak one, and very simple editing of passwords within the manager itself.

The manager stores them securely, allows their management in chrome://settings/passwords and uses them to fill in the username and password fields the next time you visit a website. This is very similar to what Mozilla has been doing in Firefox with its ‘Password Manager’, which is one of the best in web browsers. The new Chromium-based Microsoft Edge also has its own manager that offers the very basics of a dedicated manager.

A new reminder this World Password Day 2021 to raise awareness of the need to invest a few minutes of your time in attending to a crucial element for your Internet security and that of your digital home. And there are no excuses. We have the information and the means. Let’s not make it so easy for those who are after what belongs to others.
