5 Passwords Hackers Can Guess in Less Than a Second

A login screen shows the importance of creating a strong password.

When it comes to generating a strong password, a concerning number of people are uninformed or don’t act on the guidance that’s out there. Cyber security is vital for businesses, and it’s important for personal accounts too. In this post, we’re looking at the top five least-secure passwords and three easy tips on creating a strong password that you can implement to improve your cyber security.

What is a Secure Password?

Speaking at an RSA security conference in 2004, Bill Gates predicted the end of the password as we know it. He said: “There is no doubt that over time, people are going to rely less and less on passwords. People use the same password on different systems; they write them down, and they just don’t meet the challenge for anything you really want to secure.” Even now, almost twenty years later, his second statement still rings very true. The average person uses far more passwords than they could have even imagined in 2004, and yet the majority of people remain unaware of how to generate a strong password.

The Worst Passwords

In 2021, NordPass published the most common passwords of the year, and the outcome was a little bleak. In the UK, the passwords used most frequently over the last year were:
  • 123456
  • password
  • liverpool
  • password1
  • 123456789
All of these would take a hacker less than one second to crack. Combine that with the fact that 52% of people use the same password for multiple accounts (and 13% use the same password for all of their accounts), and the issue becomes clear. But what is the best way to create a password?

Creating a Strong Password

  1. Choose secure passwords
A lot of the basic security guidance for creating a strong password may already be familiar to you – general advice typically includes not using any personal information (like your name, age, date of birth or kid’s name) and adding numbers or symbols. Creating a strong password of completely random characters with long strings of mixed-case letters, numbers and symbols is much harder for hackers to get past, but it will also be much more difficult for you to remember. In fact, the National Cyber Security Centre recommends something easier – the three-word method. What this means is to put together three completely random words, like WindowBottleBread or CanvasGreenOtter. Total nonsense, but this method makes your passwords longer and more random, as well as much easier to remember.
  2. Password managers
Whether at home or work, we believe everyone should have a password manager. Considering that the average person might have hundreds of online accounts, it’s not feasible to expect them to remember a different, complex password for each one. Even the three-word method is only good for one or two passwords before you get muddled in random words. Password managers are painfully underutilised, but they are key to having successful password security. Have a look online; you can often find basic packages for free. We recommend 1Password, which you can use individually, with your family or in your business. You can create a strong password, save it in your password manager, and that’s it sorted!
  3. Don’t expire your passwords
Technology has changed rapidly since the invention of the World Wide Web in 1989, and while password security hasn’t been quite as quick, it’s still very much moving on. People used to believe – and plenty still do – that the most secure password was never stagnant. As a result, many businesses enforced a password expiration programme, meaning that every 30, 60 or 90 days, every worker was forced to change their passwords to something new. This has since proven ineffective, as it doesn’t encourage people to create a strong password. Password expiration means people are more likely to choose easy-to-remember passwords and change them only minimally. For example, their passwords over three expiration periods may be password, password1 and password!. It technically meets the criteria, but it’s definitely not secure.
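The three-word method and the expiry problem described above can both be shown in a few lines of Python. This is an added example, not code from the original post: the word list is a constructed sample, and the function names (three_words, entropy_bits, stem, check_new_password) are hypothetical.

```python
import math
import re
import secrets

# The five most common UK passwords quoted above (NordPass, 2021).
COMMON = {"123456", "password", "liverpool", "password1", "123456789"}

# Constructed sample list; a real generator needs thousands of words.
WORDS = ["window", "bottle", "bread", "canvas", "green", "otter",
         "marble", "saddle", "lantern", "pickle", "harbour", "violet"]


def three_words(words=WORDS, count=3):
    """Pick words with a CSPRNG (secrets), never the random module."""
    return "".join(secrets.choice(words).capitalize() for _ in range(count))


def entropy_bits(count, list_size):
    """Bits of entropy when each word is drawn uniformly from the list."""
    return count * math.log2(list_size)


def stem(password):
    """Lower-case and strip trailing digits/symbols: 'Password1!' -> 'password'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())


def check_new_password(new, previous=None):
    """Return a list of reasons to reject `new`; an empty list means accept."""
    problems = []
    if new.lower() in COMMON or stem(new) in COMMON:
        problems.append("on the common-password list")
    if previous and stem(new) and stem(new) == stem(previous):
        problems.append("only a suffix change from the previous password")
    return problems


if __name__ == "__main__":
    print(three_words(), f"{entropy_bits(3, len(WORDS)):.1f} bits (sample list)")
    print(check_new_password("password!", previous="password1"))
    print(check_new_password("CanvasGreenOtter", previous="WindowBottleBread"))
```

With a 7,776-word list, three uniformly chosen words give about 38.8 bits of entropy; the 12-word sample list here is far too small for real use.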

Two-Factor Authentication

Okay, you’ve picked a perfectly secure password and stored it in your password manager. Of course, you could leave it at that, but with hackers becoming increasingly sophisticated, one thing to consider is two-factor authentication. This means that even if your password were compromised, a hacker still wouldn’t be able to access your accounts. You can even use two-factor authentication without a smartphone, ideal for business use. You can learn more about why two-factor authentication is important over on our blog.

So now you know what the best way to create a password is and how to generate a strong password. However, you should remain cautious of other tactics like phishing, smishing and pharming; opening your account to the wrong person, even accidentally, can make your very-secure password redundant. Learn how to spot a phishing email on our blog, or contact us today to arrange an independent security review of your business.
