The Weekly Breach Breakdown: Hack Attack – Most Common Passwords in 2024

Summary

• Bitwarden published a survey that showed 25 percent of people around the world reuse the same passwords across as many as 20 accounts. Thirty-six (36) percent said they use personal information in their passwords that can easily be found on social media.
• According to VPN and Nord, the most common passwords are 123456, admin, 12345678 and 123456789. “Password” is number 14, while “password” is number seven.
• Cybersecurity firm Hive Systems published its annual breakdown of how long it takes an identity criminal to crack a password. If 123456 is your password, you can be compromised instantly. However, a 12-character password with just lowercase letters will take 1,000 years to crack. One with upper-and lower-case letters will take four million years.
• The Identity Theft Resource Center (ITRC) just released its annual Consumer & Business Impact Report that focuses on what happens when a person or small business is attacked by identity or cyber thieves. According to the report, most victims change their password after an identity compromise. Also, 30 percent of consumers created a passkey when given the option.
• To learn about the latest data compromises, consumers and businesses should visit the ITRC’s data breach tracking tool, notified. If you believe you are the victim of an identity crime, call or text toll-free at 888.400.5530 or live chat on our website, idtheftcenter.org.

Full Transcript

Welcome back to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown, supported by Sentilink. I’m James E. Lee, the ITRC’s COO and this is the episode for Friday, November 1, 2024. Each week on this podcast, we look at the most recent events and trends related to data security and privacy. Today, we’re going to talk about the most common passwords in 2024 and how long it takes to break them.

On World Password Day 2024, Bitwarden published a survey that showed 25 percent of people around the world reuse the same passwords across as many as 20 accounts. Thirty-six (36) percent said they use personal information in their passwords that can easily be found on social media. Those are not the kind of cyber-hygiene habits we’d like to see people adopt.

Neither are the most common passwords. The most popular password, according to VPN and password manager company Nord, is 123456. It is followed by admin, 12345678 and 123456789. If you thought “password” was the most popular password, your pick made it on The Top Ten list at #7. That’s password with a small “p.” Password with a capital “P” comes in at #14.

How easy is it to break a password? Cybersecurity firm Hive Systems has just published its annual breakdown of how long it and identity criminal to crack a password. Thanks to AI, it’s blinding fast for short passwords. Using 123456 as your password, you can be compromised instantly. Using admin? By the time I finish this sentence, a cybercriminal would be in your account.

If you must use a password, make it long and a combination of letters, numbers and symbols – the longer the better – and something you can remember, like a quote or movie title. A 12-character password with just lowercase letters will take 1,000 years to crack. One with upper-and lower-case letters will take four million years.

The ITRC just released its annual Consumer & Business Impact Report that focuses on what happens when a person or small business is attacked by identity or cyber thieves. There’s some good news in this year’s report when it comes to password habits. After someone has their identity compromised, most victims now change their passwords to ensure they use long passwords and do not use the same password on multiple accounts. Better yet, this year’s report shows 30 percent of consumers created a passkey to replace their passwords when given the option. More of that, please!

If you want to know more about how to protect your business or personal information or have questions about the most common passwords and strong passwords, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Next week, be sure to check out our sister podcast, the Fraudian Slip. We will discuss the finding in our 2024 Consumer & Business Impact Report. Also, just a helpful reminder: don’t forget to turn your clocks back this weekend to regain that extra hour of sleep you lost to Daylight Savings Time.

We’ll return next week with another episode of the Weekly Breach Breakdown.