NordPass has published the 200 worst passwords of 2021, confirming that a good number of users continue to violate all the rules for creating and maintaining passwords.
The developer of the password manager of the same name compiles an annual list by analyzing the large data breaches that result from attacks on major Internet services. The result is not good. Large awareness campaigns do not seem to work, and thank goodness that technologies such as two-factor authentication have been added to most services, a much-needed reinforcement in view of these lists.
The worst passwords of 2021
The list of the most used bad passwords is regrettable. It repeats year after year and confirms that we are easy prey for cybercriminals, who do not even have to use advanced hacking methods. Most of the top entries, old acquaintances such as «123456», «111111», «qwerty» or «password», take less than a second to crack by launching a command that checks the most used ones. And not even that is needed, because simply trying them would give access to the accounts.
In Spain in particular, the same breach of the basic rules for creating passwords seen in the rest of the world is repeated:
Passwords are certainly an unattractive method for the user, but they are still the preferred authentication method for accessing Internet services or logging into operating systems, applications, games and all kinds of machines. Until more user-friendly and advanced biometric authentication methods become widespread, an effort should be made to create and maintain them following rules that we know by heart, but that we do not always practice:
- Don’t use typical words or common numbers.
- Do not use personal names, pets or dates of birth.
- Combine uppercase and lowercase.
- Combine numbers with letters.
- Add special characters.
- Lengthen the password with as many characters as possible.
- Do not use the same password on all sites.
- Especially, use specific passwords for banking and online shopping sites.
- And, where applicable, also vary the username.
- Keep the password safe from any third party.
- Reinforce the use of passwords with other supported systems, especially two-factor authentication (2FA) or biometric systems such as fingerprint sensors or facial recognition.
- Never reveal the password to anyone.
- Not even in response to supposedly official requests by email or messaging services, since they are usually phishing attacks.
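As an added illustration (not part of the NordPass report or of the original article), several of the rules above can be checked automatically when a password is chosen. The function names, the 12-character minimum and the four-entry denylist (the passwords named earlier in the article) are assumptions made for this example.

```python
import re

# Constructed sample denylist: only the four passwords named in the article.
# A real deployment would load a full list of breached passwords instead.
COMMON_PASSWORDS = {"123456", "111111", "qwerty", "password"}

MIN_LENGTH = 12  # assumed threshold; the article only says "as long as possible"


def check_password(password, personal_terms=()):
    """Return the list of rules the password breaks; empty means it passes."""
    problems = []
    lowered = password.lower()

    if lowered in COMMON_PASSWORDS:
        problems.append("is one of the most used passwords")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("does not combine uppercase and lowercase")
    if not (re.search(r"\d", password) and re.search(r"[A-Za-z]", password)):
        problems.append("does not combine numbers with letters")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("has no special character")
    # Names, pets, birth dates: whatever the caller knows about the user.
    for term in personal_terms:
        if len(term) >= 3 and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems


def reused_passwords(accounts):
    """Given {site: password}, return the passwords used on more than one site."""
    sites_by_password = {}
    for site, pw in accounts.items():
        sites_by_password.setdefault(pw, []).append(site)
    return {pw: s for pw, s in sites_by_password.items() if len(s) > 1}


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456", "Rex2015!Madrid", "T7#vLq9!zRw2Xp"):
        print(candidate, "->", check_password(candidate, ("Rex", "2015")) or "ok")
    print(reused_passwords({"bank": "a", "shop": "a", "mail": "b"}))
```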
And the help of managers
Password managers do the work for us and reduce human error in password handling by automating the process of generating them and logging into websites and services. The passwords they create are highly secure, complying with the standard norms for size and complexity, and another great advantage is that the user only needs to remember a master password and the manager will do the rest.
The best-known password managers are commercial and/or paid web services, but there are also some free and even open source ones like the ones in the previous link, which have the great advantage that the software can be audited and the credentials kept under your control by installing and self-hosting them on your own machine.
Another option is to use the password managers of the web browsers themselves, which are also free. For example, the most used browser on the Internet, Google’s Chrome, has its own manager, as do Microsoft’s Edge and Firefox, where you have a function called ‘Password Manager’ available, which is one of the best in browsers.