The password is an extremely important component of your internet security: it protects data, devices, accounts and even your own bank account.

However, whether out of laziness or out of ignorance, an enormous number of people continue to choose very obvious words, or words bordering on the ridiculous, often easily guessed by anyone who knows the person even a little.

These people insist on keeping it simple: but stubbornness in IT matters has never led to anything good.

Why this “hatred” towards a good password?

Users, even today, do not seem very convinced that a good password is needed, even one that is hard to remember so that it is harder to discover: in fact, “123456” has long been the most popular password over the previous years, and 2022 is no exception.

After reviewing 56 million leaked and hacked passwords in 2022, the research team of Cybernews found that the password “123456” was used in 111,417 cases.

It is disturbing to think that the default passwords used by workers with system access privileges (administrator) are still far too easy for any attacker to guess.

Cybernews experts found 16,981 matches for the passwords “admin”, “root” and “guest”, which took first, second and third place respectively among the top 20 generic passwords.

The Cybernews team used various word lists to extract the data of various accounts (without identifying the people they belonged to) and grouped them into the following categories: passwords chosen to protect oneself, names of famous people, swear words or curses, animals, cities, countries and continents, sports teams (football, basketball, rugby, etc.), food products and finally the names of seasons, months and days.

The team examined databases found on darknet and clearnet hacker forums (where stolen passwords are “available”) and other sources (profiles, accounts, bank accounts, etc.) that were hacked this year.

Why is it important to put good passwords and not weak ones?

Most stored passwords are hashed, that is, run through a one-way function so that the original cannot be recovered easily.

The problem arises because, unlike encryption, hashing produces the same result for the same word (string): for example, “ant”, another popular password highlighted by the Cybernews.com team, will almost always be hashed to the same output by a given algorithm.

This weakness allows cybercriminals to “familiarize themselves” with the hashes of commonly used passwords, that is, to compute them in advance, and then conduct brute force attacks in which they try plausible candidate words against systems that are not adequately protected.

In the case of the default passwords discovered by the research team, a scammer with a modicum of cunning wouldn’t even need brute force techniques: “admin” is the first, fairly obvious guess for a sysadmin’s password.

The fact that business and personal computer users are still opting for such simplistic combinations means that the myriad weak-password warnings from cybersecurity professionals (you know, when a site tells you to add an uppercase letter, a number and a symbol to your password? Those!) continue to go unheeded by many people.

But to understand the depth of the problem, it is necessary to examine in more detail the common mistakes made by users.

Predictable passwords: still a huge problem in 2022

In our top 10 we have:

1. 123456
2. 12345
3. password
4. usr
5. 123456789
6. 1234
7. 12345678
8. qwerty
9. 147258369
10. 123

Users continue (despite warnings to avoid it) to choose swear words and names of famous people as passwords: with 292,869 cases, the word “ass” ranked first for vulgarity, while the more elegant “king” (70,666 cases) tops the list of well-known characters, in an apparent reference to the recent coronation of King Charles III of Great Britain and Northern Ireland.

Other popular swearing passwords were “fuck” (79,564) and “shit” (36,388).

Famous soccer players feature in the top 50 celebrity passwords, with “messi” (4,137) and “ronaldo” (4,749), while show business personalities have also proved popular: “gaga” appeared 5,842 times and “eminem” collected 3,948 matches.

The surname of former US president Donald Trump came last on the list (in fiftieth place, with 2,159 occurrences), a political surname surpassed only by “kennedy” (2,240).

It is not a mere matter of name (or names)

The Cybernews.com team points out that a strong password must not only contain an uncommon name or word, but a variety of characters and cases that increase the difficulty of hacking.

“Complexity equals entropy, which is how much information is stored in a given password,” said Mantas Sasnauskas, leader of the Cybernews research team. “More entropy means data is more chaotic and chaos is good – that’s why it’s important to have randomly generated passwords, because they contain a lot of entropy and are more resistant to brute force attacks.”

He later added: “With most leaks occurring, there is almost always a hashed password involved – attackers are less likely to be able to hash a complex password, that is, one with a lot of entropy, and then use it to compromise other accounts.”

Therefore, the research team’s finding that only 1% of observed passwords meet all the recommended criteria (uppercase and lowercase characters, numbers, and special symbols such as $) is even darker news for cybersecurity professionals.

Likewise, only 4% of the passwords observed by Cybernews.com used at least 12 characters, numbers and symbols, as recommended by the cybersecurity industry. Incredibly, 15% only used four, although just under half (48%) managed to reach a length of between eight and eleven.

But no password length will do users much good in terms of cybersecurity if they only use lowercase letters, which was observed in 22% of cases.

The most common combination was a mixture of lowercase letters and numbers, known as an alphanumeric combination (38%) – again, not close to the level of complexity advocated by Sasnauskas that would make a password safe from brute force and other password-guessing attacks.
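The two points made above, that an unsalted hash of the same password is always identical (so the hashes of common passwords can be precomputed and looked up) and that entropy is what makes guessing hard, are shown together in this added example; it is not part of the article or of the Cybernews research. The password list is a constructed sample drawn from the words quoted in the article; SHA-256 stands in for “an unsalted hash”, and the defence shown is PBKDF2 with a random per-user salt.

```python
import hashlib
import hmac
import math
import os

# Constructed sample wordlist: a few of the leaked passwords the article quotes.
COMMON_PASSWORDS = ["123456", "12345", "password", "123456789", "qwerty", "admin", "ant"]
PBKDF2_ITERATIONS = 600_000  # slows down each guess; the salt defeats precomputed tables

def unsalted_hash(password: str) -> str:
    """Plain SHA-256: the same password always yields the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()

def build_lookup_table(candidates):
    """digest -> plaintext table, computed once from a wordlist and reusable on any dump."""
    return {unsalted_hash(p): p for p in candidates}

def recover_from_unsalted(stored_digest: str, table: dict):
    """The weakness: a stored unsalted digest is recovered by a dictionary lookup, no cracking needed."""
    return table.get(stored_digest)

def salted_hash(password: str, salt=None) -> str:
    """The fix: PBKDF2-HMAC-SHA256 with a random 16-byte salt, stored as 'salthex$digesthex'.
    Two users with the same password get two different stored values."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"

def verify_salted(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), PBKDF2_ITERATIONS)
    return hmac.compare_digest(candidate.hex(), digest_hex)

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a password drawn uniformly at random: length * log2(alphabet size).
    A wordlist entry such as '123456' has far less, since it is one of a few thousand guesses."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print(recover_from_unsalted(unsalted_hash("ant"), table))            # ant
    a, b = salted_hash("ant"), salted_hash("ant")
    print(a != b, verify_salted("ant", a), verify_salted("123456", a))   # True True False
    print(round(entropy_bits(26, 8), 1), round(entropy_bits(94, 12), 1))  # 37.6 78.7
```

Eight random lowercase letters give about 37.6 bits, twelve random characters from the full printable set about 78.7; the same 8-character password taken from a leaked wordlist is found by the first lookup.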

That’s not all

Of the passwords examined by the Cybernews team, about half (28 million) were unique, in this case meaning a single simple name or word such as “dell”.

5.5 million of these unique or specific passwords were found multiple times, suggesting that inexperienced people are advising equally inexperienced users on which words to use.

Other popular passwords included capital-city names such as “lima” (17,466) and “roma” (17,407) and animal species such as “cat” (122,392) and “rat” (103,284).

It is unclear whether these were chosen for any personal significance to users or, again, simply for their simplicity; however, they represent bad news for users.

It’s not uncommon for big brands to be used as account passwords as well, along with the most common professions (cook, doctor, etc.).

Why are so many people still not setting passwords properly in 2022?

From personal experience I can say that (unfortunately) many people are even unaware of their existence, absurd as it may seem, and also enormously underestimate the problem.

Let me explain: has it ever happened that a friend or acquaintance of yours asks you to recover an account and, as usual, does not remember the password? Well, I bet you’ve often heard a phrase like “Password? I don’t use one.”

This is most likely because the account in question was not created by the user, but by an acquaintance (or friend or relative), so there was never any real direct interaction with the platform.

If we add to this the laziness and ignorance behind not understanding that a password is not optional, it is easy to see how and where the problem lies.