Take care of the passwords you use, they are a vulnerable point

Having a strong password is one of the main security tips in the digital space, although unfortunately many people do not apply it and “123456”, “admin” and “12345678” were the most used during 2023.

Like every year, password manager NordPass analyzed a database of 4.3 Terabytes of passwords that were exposed in security incidents to find the most used during the year and thus create the “Top 200 most common passwords.”

This research found that “123456” was the most used password in the world during 2023, since it was found in more than 4 million 524 thousand accounts and cybercriminals take less than a second to decipher it.

“It has proven to be the worst password in the world, throughout this study, it was ranked as the most common password four out of five times,” warned NordPass CTO Tomas Smalakys.

In second place was “admin” with more than 4 million accounts, followed by “1234578” and other combinations of numbers that are easy for cybercriminals to guess.

In seventh place was “password” (which means password in English), which for several years has been among the 10 most used.

NordPass also breaks down the results by country and in Mexico the most used was “admin” during this year, followed by “123456”, “12345678”, “password” and “Flores123”.

It stands out that the 20th position on the list of most used passwords in the country is “Yucatan1”, which takes cybercriminals about three hours to decipher.

It must also be considered that Internet users love passwords associated with online games or fiction, for example, “gtasanadreas123” was among the most common passwords in Mexico.

Without forgetting that words that refer to geographical places also end up among people's passwords, in the case of Mexican users the use of “MADRID73” stood out.

Unlike other years, the researchers also analyzed passwords by type of service and found that streaming lovers seem to “hate” them.

This is because, compared to other popular websites, people choose weaker credentials to protect their accounts on this category of platforms. Proof of this is that the first four positions are combinations of consecutive numbers and the fifth is “Netlix”.

While stronger passwords appear in financial services, as people put more care into accounts directly linked to their money.

For NordPass researchers, the research results are worrying because 86% of all web application attacks use stolen credentials and 18% of the most common items for sale on the dark web are online accounts, emails and passwords.

“Although passwords are becoming more difficult to breach due to rapidly evolving technologies, malware attacks are still considered a significant threat to account security,” Smalakys added.

For this reason, new forms of secure authentication are being sought and one option is passkeys.

What it does is that, when entering a website that supports this technology, the user's device generates a pair of keys linked to each other, one public and one private.

The private key is stored on the device and the public key on the web server, so that neither works without the other and if the user successfully identifies themselves using their biometric data, the passkeys match, and the session is started. successfully.

“This technology will help us eliminate those lousy passwords, so users will be safer. However, as with all innovations, we will not adopt passwordless verification overnight,” said the NordPass executive.

He added that there are users who are increasingly curious to try this technology, however, there is still a lot of work to do to spread its use.