Worst account passwords

Even the most sophisticated security systems lose their potency when common sense fails. This applies not only to online accounts, but also to any valuables and real estate. Today we will focus on the (in)effectiveness of some passwords for logging into banking transaction sites, social networks, email boxes and other profiles on the web.

We will be helped by SplashData security experts, who regularly publish a list of the most frequently used passwords in a given year. As you can guess, the more popular a password is among users, the higher the chance that hackers will guess it. At the outset, it should be noted that most of the entries in the list recur almost every year.

SplashData has also released alarming statistics – according to the company’s experts, every tenth Internet user uses at least one password from the top 25 of the ranking.

The worst account passwords are in front of you. If you care about the security of your profiles and accounts on all kinds of websites – including transaction sites – you should definitely avoid them.

 

Difficult numbers

In the SplashData list (you can read it here), numerical passwords always prevail. In theory, there’s nothing wrong with that – after all, randomly chosen digits can lead to billions of possible combinations. The problem is that some people are overly fond of order here, arranging the digits in a predictable way.

Thus, for years, the most frequent password was “123456”. In 2017, the top ten also included “12345”, “12345678”, “123456789” and “1234567”. For the record, let’s add that adopting a similar pattern is equally unwise when choosing the PIN of a payment card – therefore it is definitely not recommended to use combinations in the style of “1234”, or PINs consisting of the same digit repeated four times.

Laziness – the main sin of Internet users

If the creativity of Internet users were judged on the basis of the passwords to their accounts and profiles, in many cases the verdict would be devastating. What can you say about someone who comes up with the “original” idea of setting the password… “password”? Meanwhile, “password” once again took second place in the SplashData ranking. A little lower are common phrases such as “login”, “admin” or “kochamsi” (“iloveyou”).

Laziness also leads Internet users to choose passwords that are less complicated to type. This category includes, among others, “Qwerty”, “1qaz2wsx”, “1qw2we” and “aaaaaa”.

As you can see, a lack of creativity coupled with laziness is – from a hacker’s point of view – a perfect combination. So before you decide on a password like “letmein”, remember – the same wish is on the mind of a hacker trying to crack the “unconventional” password to your account.

Obvious facts of life? Bad idea

The ranking shows that many Internet users tend to base their passwords on facts from their lives. The problem is that these often relate to things that are (or may be) publicly known. A favorite hobby, band or movie – in the age of social media, obtaining such information is not a problem. This is evidenced by the presence of terms such as “football” or “starwars” in the list.

It is no different in the case of the names of partners or children and important dates, for example a wedding. For obvious reasons, we won’t find inventions like “julka2011” or “aniaikrzys07” in the list of the most cracked passwords, but the fact remains – setting a similar password is a very bad idea.

Never create important passwords based on information you make public on Facebook! The same applies to every more or less important fact of your life known to anyone other than yourself.
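The weak-password categories described in the sections above (listed common passwords, predictable digit sequences and repeated characters, keyboard patterns, publicly known personal facts) can be checked at the moment a password is set. The following Python code is an added example, not part of the original article; the blocklist is a constructed sample built from passwords quoted here, and `weak_reason`, `KEY_RUNS` and the `personal_facts` parameter are hypothetical names.

```python
# Added example: screen a new password against the weak categories in the article.
# Constructed sample blocklist (passwords quoted in the article); a real
# deployment would load a much larger list of known-compromised passwords.
BLOCKLIST = {"123456", "12345", "12345678", "123456789", "1234567", "password",
             "login", "admin", "iloveyou", "qwerty", "1qaz2wsx", "1qw2we",
             "aaaaaa", "letmein", "football", "starwars"}

# Keyboard rows and diagonal columns used to spot walks such as "3edc4rfv".
KEY_RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
            "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
KEY_RUNS += [run[::-1] for run in KEY_RUNS]  # walks typed in reverse


def _is_sequence(pw):
    """True if each character follows the previous one by +1 (or all by -1)."""
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return len(pw) >= 3 and steps in ({1}, {-1})


def _is_keyboard_walk(pw):
    """True if pw splits entirely into chunks (3+ chars) of keyboard runs."""
    i = 0
    while i < len(pw):
        best = max((n for n in range(3, len(pw) - i + 1)
                    if any(pw[i:i + n] in run for run in KEY_RUNS)), default=0)
        if best == 0:
            return False
        i += best
    return len(pw) >= 3


def weak_reason(password, personal_facts=()):
    """Return the first rule the password fails, or None if none fires."""
    # personal_facts (hypothetical): names, dates, hobbies the user made public.
    pw = password.lower()
    if pw in BLOCKLIST:
        return "listed common password"
    if len(set(pw)) == 1:
        return "single repeated character"
    if _is_sequence(pw):
        return "ascending or descending sequence"
    if _is_keyboard_walk(pw):
        return "keyboard walk"
    for fact in personal_facts:
        if len(fact) >= 3 and fact.lower() in pw:
            return "contains personal fact: " + fact.lower()
    return None
```

A result of None only means that none of these rules fired; it does not show that the password is strong.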

Convenience for the user = convenience for the hacker

It is hard to find any explanation for the above passwords other than user convenience. Most of us have not one account, not several, but at least dozens of accounts on different websites. It is true that many of them – such as a profile on a fishing enthusiasts’ forum – are not of much value to hackers. It is another matter when it comes to access to email or a bank account.

It is clear that remembering all the logins and passwords we use to log into the network is not easy. This is why many of us prefer to go the easy route by applying the same security measures to all accounts.

What about the password for the bank’s transaction service?

In the case of accessing online or mobile banking, it is likely that it will not be possible to set a password that is too weak. This is because the banks have their recommendations on this.

The first potential obstacle for the hacker should be the login itself, which will certainly not be a regular email address (which is how you log in to, for example, your Facebook profile). The login in the electronic banking of one bank may be, for example, a random sequence of digits assigned to the customer by the bank, and at another – the first three letters of the first name and surname with a sequence of 4 digits.

In turn, we set the banking password ourselves, although we don’t have complete freedom here. Most often, it must contain uppercase and lowercase letters and digits at the same time, which effectively protects customers from unwise shortcuts. But not entirely – there is always a temptation to base the password on the facts from life mentioned above. So there is room for mistakes.

The protection of our funds – in addition to the login and password – is guaranteed by authorization codes, without which we cannot carry out transactions (especially for large amounts). The problem is that an increasingly popular authorization method is, for example, approving the operation at the application level. In such a situation, the only thing the hacker has to do is… get into the mobile banking system, that is, learn our login and password; so we’re back to square one.

What should be a strong password?

Since we have already pointed out the irresponsibility of those who do not take the choice of passwords for accounts and profiles on the Internet seriously enough, it is worth approaching the topic from the other side – how do we make our password a real obstacle for a hacker?

Passwords made of uppercase and lowercase letters, randomly arranged digits and special characters, in an unusual arrangement, work best. Such combinations are hard to break. Their drawback, however, is that the user has difficulty remembering them, but – as they say – “something for something”.

In theory, there are ways to deal with this problem, but not all of them should be completely trusted. For example, watch out for the option to remember passwords offered by browsers. It is enough for an unauthorized person to gain access to your computer, and the security of the information stored in your online profiles will be at risk.

The best solution would be to use a password manager, a special computer program. It stores all our login details. Access to it is protected by one strong password and this is the only sequence of characters we have to remember in this case.

If you want to know more rules for using passwords securely, please read this text. We also describe how three sample password storage applications work.

The passwords in the SplashData anti-ranking are just the most obvious examples of unwise password choices for online accounts. Even if your online banking or email password isn’t easy to guess, it can still cause problems. It is important that you use common sense when creating and using a password and do not make life easier for hackers. Remember: a password should be real protection for your data and money, not just an illusion!
