Breached Passwords

Cybercriminals use various tactics to determine your passwords, and many people make that effort easier by using weak and simple ones.  A new study from the payment firm Dojo on the most hacked passwords may help you stay safer online by knowing which mistakes to avoid.  From the RockYou2021 collection of breached password lists, Dojo was able to examine more than 6 million such passwords.  As a result, the firm uncovered the most commonly used passwords, their average length, and the most popular subjects that surfaced in many breaches.[1]

What kind of tricks and techniques do hackers use to try to obtain your password? One popular method is the brute force attack in which cyber crooks use automated tools to run through millions of potential passwords per second.  A similar tactic is the dictionary attack, where the bad guys check common words and phrases to try to guess your password.  Some hackers will scour your social media accounts to find personal details that may appear in your passwords.

Sent via email, text message, or phone call, the phishing attack is another popular scheme through which you are tricked into revealing a sensitive password. And sometimes, passwords are stolen through malware that infects your PC without your knowledge.

Based on the findings from Dojo's analysis, the number and type of characters used in a password determine how quickly it can be hacked.  Passwords with only lowercase characters are a popular but vulnerable pattern.  Such a password with only six characters takes virtually zero seconds to crack.  One with seven characters takes 0.12 seconds. And one with eight characters would take three seconds.

Even using a password with an uppercase letter, a number, or a special character does not help much if the password is short or follows a familiar pattern.  Passwords with eight characters that start with an uppercase letter appeared more than 4.5 million times in data breaches.  Those that ended with a special character were found more than 3.5 million times.
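The sketch below is an added example, not code from Dojo or from this article. It audits a candidate password against the weak patterns described above and estimates exhaustive-search time. The guess rate is an assumption back-calculated from the article's 0.12-second figure, the term list holds only examples named in the article, and all function names are hypothetical.

```python
import string

# Assumption: guess rate implied by the article's figure of 0.12 s for seven
# lowercase characters. Real rates depend on the hash and the hardware.
GUESSES_PER_SECOND = 26**7 / 0.12
MIN_LENGTH = 12  # upper end of the article's "8 to 12 characters" advice

# Examples named in the article (nicknames, colors, game characters, patterns).
COMMON_TERMS = {"king", "rose", "love", "boo", "hero", "angel", "red", "blue",
                "black", "gold", "green", "joel", "link", "mario", "ryu",
                "1234", "qwerty"}

def charset_size(password):
    """Alphabet size an exhaustive search must cover (ASCII passwords only)."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 symbols
    return size

def worst_case_seconds(password):
    """Time to try every candidate of this length over this alphabet."""
    return charset_size(password) ** len(password) / GUESSES_PER_SECOND

def audit(password):
    """Return the weaknesses described in the article that apply."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("short")
    if password.isalpha() and password.islower():
        findings.append("lowercase-only")
    if len(password) == 8 and password[0].isupper():
        findings.append("8-chars-leading-uppercase")
    if password and password[-1] in string.punctuation:
        findings.append("trailing-special")
    # Substring match is deliberately strict: "red" also flags "credit".
    lowered = password.lower()
    if any(term in lowered for term in COMMON_TERMS):
        findings.append("common-term")
    return findings
```

The estimate is an upper bound for blind exhaustive search only; a password flagged as `common-term` falls to a dictionary attack far sooner than its character count suggests.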

Certain subjects and topics also lend themselves to hackable passwords.  Among the themes analyzed by Dojo, nicknames and terms of endearment were used in passwords more than 1 million times.  Names of TV show characters popped up more than 455,000 times, while TV show names appeared more than 365,000 times.  Other popular topics in the breached passwords included colors, fashion brands, cities, countries, movies, body parts, car brands, pet names, swear words, and video game characters.

Analyzing some of the categories, the passwords "King," "Rose," "Love," "Boo," "Hero," and "Angel" were the most popular ones among nicknames and terms of endearment.  Common colors used as passwords were "Red," "Blue," "Black," "Gold," and "Green."  And those who like to use video game characters for their passwords went with such choices as "Joel" (from The Last of Us), "Q*Bert," "Link" (from The Legend of Zelda), "Mario" (from Super Mario Bros), and "Ryu" (from Street Fighter).

Based on its analysis of the breached passwords, Dojo has provided a list of Do's and Don'ts designed to help keep your passwords safer and more secure.

Do's

  1. Use a combination of lowercase and uppercase letters, numbers, and special characters to make your passwords more difficult to hack.
  2. Use long passwords with at least 8 to 12 characters. The longer the password, the more time and effort required to guess it.
  3. Use multi-factor authentication. With MFA, even a hacker who obtains your password cannot sign into your account without that second form of authentication.
  4. Change your passwords. If you're worried that a particular password has been compromised or caught in a breach, change it as soon as possible to safeguard your account.
  5. Use a password manager. Creating and remembering a unique and complex password for every account is almost impossible without some help. A good password manager will handle the hard work, requiring you to keep track of only a single master password.

Don'ts

  1. Don’t use any personal information in your passwords. Hackers can often discover your name, date of birth, or pet name through social media and other resources.
  2. Don't use a common or obvious pattern of letters or numbers, such as 1234 or qwerty. Hackers typically try these types of patterns right off the bat.
  3. Don't share your password with other people. If you do, make sure you change it afterward.
  4. Don't automatically save passwords to your browser, especially if other people use your computer or mobile device.
  5. Don't use the same password for multiple accounts. If such a password is ever compromised, the hacker could easily try it on other sites you use. Don’t use your bank password for games or Amazon.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

 

[1] https://www.zdnet.com/article/these-are-the-most-hacked-passwords-is-yours-on-the-list/
