Report: majority of passwords can be cracked in a second

Friday, 22 January, 2021

Report: majority of passwords can be cracked in a second

Approximately 73% of the most popular passwords people use can be hacked in less than a second, according to data provided by the NordPass password manager. After analysing the top passwords from 2019, NordPass researchers found that 70% of the passwords could be cracked in less than a second — 3% less than in 2020.

The table below details the top 10 passwords of 2020, along with the time it takes to hack them and the number of times they’ve been exposed in various data breaches.

Table credit: NordPass.

Chad Hammond, a security expert at NordPass, noted that millions of people still use generic and weak passwords and don’t hear the message that a strong password is one of the most important measures for those who want to be secure online.

The most common way hackers ‘crack’ passwords is through the so-called ‘brute-force’ attack. It’s an automated, common and effective method to hack people’s passwords. When brute-forcing your password, hackers check if your password is among the most popular. They will also check all the known information you might use for your password, such as your name, address, favourite band, sports team or pet’s name. Hackers might also use a program that will tweak this information by adding more data, such as numbers or special symbols.

Hackers can also translate words into Leetspeak (where ‘password’ becomes ‘p422W0Rd’) or scan ‘rainbow tables’. These are vast sets of tables filled with hash values pre-matched to possible plaintext passwords. Hackers can also check if your other accounts have been breached and whether you’ve reused the same password for another account.

“That’s why it’s so important to use unique passwords for all accounts. Unfortunately, according to our survey, 63% of people reuse their passwords,” said Hammond.

Hammond recommends using strong passwords that are lengthy and contain letters, numbers and special characters. In addition, the passwords must be unique for every account. Using multifactor authentication is also encouraged, to further enhance protection.

Top image credit: ©

Related News

Phishing attacks surge 450% as attackers exploit SEO

Phishing attacks have surged 450% in the last year as attackers become increasingly adept at...

White paper uncovers occupational fraud risk

ANZ organisations face an increased risk of occupational fraud due to the combined factors of the...

Google, Apple, Microsoft commit to extending FIDO support

Apple, Microsoft and Google have all committed to offering extended support to the FIDO...

  • All content Copyright © 2022 Westwick-Farrow Pty Ltd