The list of the most used passwords of 2022, just released by NordPass, confirms that the majority of users are still not following the basic rules for creating and maintaining them.
There is just no way! Although it must be recognized that passwords are an unattractive security method for the user, they are still the preferred authentication method for accessing Internet services or logging in to operating systems, applications, games and all kinds of machines.
Yet we do not seem to be aware of this, judging by the list drawn up by the company, which specializes in password managers. It is compiled by analyzing the major data breaches that occur each year in attacks on massive services. The result, as you will see, is not good.
The most used passwords of 2022
The list of the worst and most used passwords is unfortunate, repeats itself year after year and confirms that we are a bargain for cybercriminals, who don’t even have to employ advanced hacking methods.
Most of the commonly used ones, old familiar ones like “123456”, “111111”, “qwerty” or “password”, take less than a second to crack by launching a command that checks the most used ones. And not even that is needed, because simply trying them would give access to the accounts. The worldwide list is not to be missed:
In Spain in particular, the non-compliance with basic rules for creating passwords is repeated, just as in the rest of the world, and the usual numerical ones abound:
How to create strong passwords
We make it too easy for cybercriminals. We users are by nature “lazy” or careless despite the high stakes involved in exposing our digital life, which encompasses both professional and personal matters. And financial ones, the most sought after for obvious reasons.
The recommendation is the usual one. We should make an effort when creating passwords and follow the basic rules that are included in any cybersecurity manual and that indicate the dos and don’ts of creating and using passwords. We remind you of them again:
- Do not use typical words or common numbers.
- Do not use personal names, pet names, or birth dates.
- Combine uppercase and lowercase letters.
- Combine numbers with letters.
- Add special characters.
- Lengthen the password with as many characters as possible.
- Do not use the same password on all sites.
- In particular, use specific passwords that are as strong as possible for banking and online shopping sites, where we expose our financial information.
- Keep the password safe from any third party.
- Never reveal your password to anyone, not even in response to supposedly official requests in e-mails or messages from messaging services, since these are usually phishing attacks that rely on impersonation.
- Vary your user name and e-mail address.
- Reinforce passwords with features such as two-factor authentication (2FA) or biometric systems, fingerprint sensors or facial recognition, whenever they are available.
- Clean up online accounts that we do not use, as a regular maintenance task.
- Check whether your passwords have been hacked. Have I Been Pwned is a good place to look.
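As an added example (not part of the original article), this Python sketch checks a candidate password against the composition rules above and against breach data using the k-anonymity range lookup of Have I Been Pwned's Pwned Passwords service, where only the first five characters of the SHA-1 hash leave the machine. The 12-character minimum, the function names and the offline `constructed_fetch` response are assumptions made for illustration.

```python
import hashlib
import string

# The four passwords the article names; a real check would load a full breach list.
COMMON = {"123456", "111111", "qwerty", "password"}
MIN_LENGTH = 12  # assumption: the article asks for length but gives no number


def sha1_split(password):
    """Return (5-char prefix, 35-char suffix) of the uppercase SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, fetch_range):
    """k-anonymity lookup: only the 5-char prefix is handed to fetch_range.

    Online, fetch_range would GET https://api.pwnedpasswords.com/range/<prefix>
    and return the body, one "SUFFIX:COUNT" entry per line.
    """
    prefix, suffix = sha1_split(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def rule_failures(password):
    """Apply the article's composition rules; return the ones that fail."""
    failures = []
    if password.lower() in COMMON:
        failures.append("common password")
    if len(password) < MIN_LENGTH:
        failures.append("too short")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        failures.append("no mixed case")
    if not (any(c.isdigit() for c in password) and any(c.isalpha() for c in password)):
        failures.append("no digits with letters")
    if not any(c in string.punctuation for c in password):
        failures.append("no special character")
    return failures


def constructed_fetch(prefix):
    """Offline stand-in for the range endpoint; the body and counts are constructed."""
    known_prefix, known_suffix = sha1_split("password")
    body = "0" * 34 + "A:3\r\n" + known_suffix + ":1000\r\n"
    return body if prefix == known_prefix else ""
```

A password should pass both checks: a long, mixed string that already appears in breach data is as weak as “123456” against an attacker working from a leaked list.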
It is almost impossible for a human internet user to securely manage the credentials for the hundreds of accounts we are likely to be subscribed to. There is a group of applications that are of great help: password managers. Basically, this type of software reduces human errors in the handling of passwords by automating the process of generating them and of accessing websites and services.
Of course, the passwords created by these managers are highly secure, meeting the standard rules in size and complexity. They also help against phishing attacks by immediately identifying characters from other alphabets, and they add a huge advantage: we only need to remember a master password and the manager will do the rest.
Surely you are familiar with applications such as the renowned LastPass and other commercial and/or paid applications, but in our practical section we once proposed these five open source and totally free solutions, which our users liked a lot. The great advantage of open source managers is the possibility of auditing the software and keeping the credentials under your control, installing and self-hosting them on your own machine. We remind you of the most interesting ones:
KeePass. It is the ‘granddaddy’ among open source password managers and has been around since the days of Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in a wide variety of formats.
Bitwarden. Especially intended for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while Android and iOS have their respective mobile apps. Bitwarden can share passwords and has secure access with multi-factor authentication and audit logs.
Passbolt. A self-hosted password manager designed specifically for work teams. It integrates with online collaboration tools such as browsers, email or chat clients. You can self-host the program on your own servers to maintain complete control of the data, although teams without expertise or infrastructure can use a cloud version that hosts it on company servers.
Psono. Psono is another option for teams looking for open source enterprise password management software. This is a self-hosted solution that offers an attractive web-based client written in Python, with source code available under the Apache 2.0 license.
Teampass. A team-oriented manager with an offline base mode that we like, where you export your items to an encrypted file that can be used in offline locations. Teampass is not the prettiest application in the world, but the design is tremendous and you can quickly define roles, user privileges and folder access.
Managers in browsers
If you don’t want to use third-party managers, another option is to use the password managers of the browsers themselves. Chrome, the leader in the segment, has improved its performance and capabilities considerably in the latest versions by including features offered by the specialized ones above, such as detection of compromised passwords, a warning when you create a weak one, or very simple editing of the password in the manager itself.
The manager stores them securely, allows their management in chrome://settings/passwords and uses them to fill in the username and password fields the next time you visit a website. This is very similar to what Mozilla has been doing for Firefox with its ‘Password Manager’, which is one of the best in web browsers. Microsoft’s new Chromium-based Edge also has its own manager that offers the basics of a dedicated manager.
A further reminder this World Password Day 2021 to raise awareness of the need to invest a few minutes of your time in attending to a crucial element for your Internet security and that of your digital home. And there are no excuses. We have the information and the means. Let’s not make it so easy for the enemies of others.