One of the oldest truisms about cyber security is that you should use different and strong passwords for each account you have. And while it’s old news, the threat is still realAccording to a report by LastPass81% of confirmed breaches are due to weak, reused, or stolen passwords. 

Even still, the average person has so many different accounts, it can be tempting to get a little lazy. The Last pass report also shows that the average business user has as many as 91 accounts. And while 90% of users understand the risks, 61% of them continue reuse passwords. 

Top 10 Worst Passwords

Earlier this year, the UK’s National Cyber Security Center and the website Have I Been Pawned released a survey of the passwords most often stolen in data breaches. While the list contains exactly the passwords you’d expect, the number of times these passwords were hacked is pretty staggering: 

(note:  password (# times hacked)

  1. 123456 (23.2m) 
  2. 123456789 (7.7m) 
  3. qwerty (3.8m) 
  4. password (3.6m) 
  5. 111111 (3.1m) 
  6. 12345678 (2.9m) 
  7. Abc123 (2.8m) 
  8. 1234567 (2.5m) 
  9. Password1 (2.4m) 
  10. 12345 (2.3m) 

You might think you’re being sneaky but turns out adding a ‘1’ to the end of ‘password’ won’t save you. Even slightly more complicated passwords still might not be good enough. For instance, according to the survey, the password ‘oreocookie’ was hacked 3,000 times.  

What you Should Do

Whether or not you’ve ever used a password on that list, there are a couple things you should be doing to ensure your passwords are effectively protecting your online accounts.  

Check to see if passwords you’ve used have been compromised. 

 Along with the survey, Have I Been Pwned created a password search function that lets you safely look up passwords you’ve used to see if they’ve been a part of past data breaches.  

Use a password manager 

At this point, there’s really no reason not to use a password manager. Not only are they help make your accounts more secure, they’re incredibly convenient and easy-to-use. You can find plenty of free options that work great for the average user. 

Use randomly generated passwords 

Most password managers and internet browsers now include the ability to automatically generate random passwords. Often, you can set password length and include parameters to use uppercase letters, symbols, and numbers.