Use your head to keep your passwords secure

I received electronic correspondence from an email address that appeared to be a First Amendment attorney who represents our newspaper from time to time.

The email was unexpected, but not implausible, so it piqued my interest. Without a thought, I clicked.

I was informed this particular legal information was confidential and, therefore, encrypted. I was prompted to enter my password.

I followed the instructions and typed my password.

Nothing happened.

Did I mention I had not a thought in my head?

I exited and repeated the process.

Again, nothing.

Uh oh. Suddenly, a thought entered my head.

I probably shouldn’t have done that.

Suddenly, a new email popped in, this one from our IT department, advising if I receive a suspicious email from the very email address I just opened, I should delete it and not click any links. It was a scam.

I sighed. Usually, I’m smarter than this.

Exactly! That’s how they get you!

The good news is I called my IT department and, because someone in my company who is much smarter than I am had set up multiple-step verification, it was unlikely the hacker got very far. Still, I was instructed to change my password. Immediately.

This story came to mind recently when I received a press release about passwords. It came from Nordpass, a password manager for business and consumer clients.

Here’s what I learned.

If your password is “123456,” let me just say when you picked that, you also must not have had a thought in your head, either. You’re not alone.

In fact, “123456” actually was the most common password used in 2023 in the United States.

The second most used password is, well, “password.”

While I never personally chose that password, I admit, there was a time when someone I know used that very password for a streaming service. (Don’t bother trying to figure it out. It has since been changed.) At the time, however, I recall chuckling and thinking that it was very clever. I know now it wasn’t.

Here are some other popular passwords listed by Nordpass: “admin,” “1234,” “UNKNOWN,” “12345678,” “123456789,” “12345,” “abc123,” “Password,” “Password1,” “password1,” and, you guessed it, “12345678910.”

Two others that are popular are “1q2w3e4r” and “qwerty.” If you’re wondering where they might have come from, just take a look at your keyboard, and you’ll figure it out quickly.

According to the Nordpass press release, its study determined that some password trends are reflected worldwide. They include that people use the weakest passwords for their streaming accounts. In contrast, the strongest passwords are used for financial accounts.

Internet users also often go for a relevant brand or company name when creating a password. For example, on smartphone apps, people tend to use easy-to-remember passwords, like “iPhone6s,” “Samsung1,” or “1messenger.”

Numerical sequences (like “123456”) often are used to secure online accounts. Last year, 31% of the world’s most popular passwords consisted of purely numerical sequences, such as “123456789,” “12345” or “000000.”

Using insulting words in passwords also is apparently a common way to express an emotion, but definitely not a secure one. The top insulting passwords are crude, so I won’t list them here — but you can just imagine.

Overall, Nordpass says as many as 70% of the passwords in this year’s global list incredibly can be cracked in less than a second.

So, here are a few password tips.

First, create long, complex passwords containing uppercase and lowercase letters, symbols and numbers.

Second, stay vigilant, especially about downloading anything to your computer. Malware is often distributed via phishing emails.

Hackers generally target passwords saved on browsers.

So, don’t do that — even on your home computer.

Malware attacks steal information saved in your browsers, such as passwords and other credentials, source website cookies, autofill data. In addition to that, it also can steal files from its victim’s computer, as well as system details such as OS version or IP address.

And, if you get emails with encryption requiring that you type in your password, don’t do that either. Unless you know for sure who it’s from and that it was coming.

And most important, before you start clicking on links, downloading stuff and entering passwords, just stop and use your head.


Today's breaking news and more in your inbox

I'm interested in (please check all that apply)
Are you a paying subscriber to the newspaper? *


Starting at $4.85/week.

Subscribe Today