Password Habits in 2021 - Are We Making Any Progress?

It is the time of year when security researchers start doing annual reviews of various security practices, trends and developments. One of the most curious topics among those is password habits and the overall level of password hygiene practiced by regular users.

Security firm Nordpass published its annual review of password practices and commonly used passwords, using collated data from 50 different countries across the globe. Sadly, the results are not encouraging at all and show no meaningful improvement in the way people choose their passwords.

The data used by Nordpass comes from a massive database of leaked passwords, which contains 4 terabytes worth of records. The majority of those passwords were collected from North America, Europe, Australia and Russia.

The breakdown of the most commonly used passwords for 2021 looks as follows:

  • 123456 (103 million instances)
  • 123456789 (46 million instances)
  • 12345 (32 million instances)
  • qwerty (22 million instances)
  • password (20 million instances)
  • 12345678 (14 million instances)
  • 111111 (13 million instances)
  • 123123 (10 million instances)
  • 1234567890 (9 million instances)
  • 1234567 (9 million instances)

If anything, this shows that people have still not learned how to construct a strong password, despite the security and infotech industry trying to drive that concept home for years.

Curious bits found in the password database also include the frequent use of first names as the password - another string that is guessable practically immediately, using simple dictionaries. Extremely easy to guess names of music bands and football clubs were also commonly used on websites and services related, respectively, to music and football.

Following a period where it was generally advised to use a mixture of letters, symbols and numbers, this trend has now been gradually replaced with a different approach to passwords. At the end of the day, with the computing power available currently, the only thing that matters when it comes to brute-forcing a password is length.

In this sense, coming up with some incredibly complicated string you will struggle to remember and will probably need to keep on a piece of paper in your wallet, has been replaced with choosing a string of four or more medium-length words, providing ample length and sufficient entropy at the same time.

In this sense, a password such as "L1verpo0lisB3st09$" is less secure than a simple phrase that makes sense to you and which you can memorize much more easily, such as, for example, the string "GiraffesFeelSadDuringWinter".

By Zaib
November 17, 2021
Computer Security
English
November 17, 2021
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Microsoft Warns State-Backed Threat Actors Are Using AI in...

4 days ago

Trojan Al11 Malware Detection & Removal - An Essential...

11 months ago

Pinaview is a Fully-Featured Adware App

10 months ago

"Your iCloud is Being Hacked" and "Your iPhone has Been...

7 months ago

What is Lucky Ransomware?

7 months ago

Related Posts

Password Security

Do Men and Women Have Different Password Management Habits?

There is no point in fueling the battle of the sexes. We live in the 21st century, and, hopefully, we are all aware that both men and women are equals and deserve the same respect. That being said, it is... Read more

July 22, 2020
Password Security

How to Teach Kids Safe Password Habits When They Like Sharing?

As we all (should) know by now, the password is our main line of online defense. Without a strong password, anyone could hack our social media, our bank accounts, emails, etc and cause all sorts of damage. So it's... Read more

August 3, 2018
Tips

Adopting Good Password Habits in the Work Environment

Here's something you'll probably be interested in: some experts seem to think that if you're doing a good job of protecting yourself online, your employer should give you more money. They argue that cybersecurity... Read more

June 26, 2018
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.