A study by NordPass, a password management software company, exposes the pervasive use of the notoriously weak password “123456,” held by a staggering 45 million surveyed accounts.
The second and third most popular passwords, “admin” and “12345678,” were found in approximately 40 million and 13.7 million accounts, respectively. In India, “123456” topped the list, safeguarding around 3.6 million accounts, followed by “admin” in approximately 1.2 million accounts.
The study, conducted in collaboration with independent cybersecurity experts, warns that hackers could crack such passwords in less than a second.
The research team analyzed a massive 6.6 terabyte database containing stolen passwords, employing various stealer malware such as Redline, Vidar, Taurus, Raccoon, Azorult, and Cryptbot. The malware logs included passwords and the source websites, with data spanning 35 countries.
The study classified data into verticals, allowing for a statistical analysis based on countries and assuring users that no personal data was acquired or purchased by WordPress. The study revealed a concerning trend among streaming enthusiasts, who demonstrated a propensity for weak passwords compared to users on other popular websites.
NordPass deemed “123456” the “world’s worst password,” ranking as the most common password four out of five times throughout the study’s lifetime. The researchers emphasized that despite technological advancements making passwords harder to breach, malware attacks remain a significant threat to account security.
In response to these findings, NordPass urged users to adopt complex passwords of at least 20 characters, incorporating a mix of uppercase and lowercase letters, numbers, and special symbols. The company also advocated against password reuse across multiple platforms, emphasizing the potential risk to all associated accounts if one is compromised.
The study concluded by encouraging users to conduct regular assessments of their passwords for security and recommended using password managers like NordPass for a safer online experience.
