73% of the world’s most popular passwords can be cracked in less than a second
How do hackers hack passwords? It’s easier than you think
20 January, 2021. According to the data provided by the NordPass password manager, 73% of the most popular passwords people use can be hacked in less than a second.
Here are the top 10 passwords of 2020, along with the time it takes to hack them and the number of times they’ve been exposed in various data breaches.
| Password | How long would it take to crack it? | How many times has it been exposed? |
| 123456 | Less than a second | 23,597,311 |
| 123456789 | Less than a second | 7,870,694 |
| picture1 | 3 hours | 11,190 |
| password | Less than a second | 3,759,315 |
| 12345678 | Less than a second | 2,944,615 |
| 111111 | Less than a second | 3,124,368 |
| 123123 | Less than a second | 2,238,694 |
| 12345 | Less than a second | 2,389,787 |
| 1234567890 | Less than a second | 2,264,884 |
| senha | 10 seconds | 8,213 |
Interestingly, last year, after analyzing the top passwords from 2019, NordPass researchers found out that 70% of the passwords could be cracked in less than a second. This is 3% less than in 2020.
“The lesson here is that millions of people still use generic and weak passwords and don’t hear the message that a strong password is one of the most important measures for those who want to be secure online,” says Chad Hammond, a security expert atNordPass.
How do hackers crack passwords?
The most common is the so-called “brute-force” attack. It’s an automated, common, and effective method to hack people’s passwords.
When brute-forcing your password, hackers check if your password is among the most popular. They will also check all the known information you might use for your passwords, such as your name, address, favorite band, sports team, or your pet’s name. Hackers might also use a program that will tweak this information by adding more data, like numbers or special symbols.
They will also translate words into Leetspeak (where “password” becomes “p422W0Rd”) or scan “rainbow tables”. These are vast sets of tables filled with hash values pre-matched to possible plaintext passwords.
In addition to that, hackers will check if your other accounts have been breached and whether you’ve reused the same password for another account. “That’s why it’s so important to use unique passwords for all accounts. Unfortunately, according to our survey, 63% of people reuse their passwords,” says Chad Hammond, security expert at NordPass.
What do cybersecurity experts recommend?
“We recommend that people use strong passwords that are lengthy and contain letters, numbers, and special characters. In addition, the passwords must be unique for every account. Furthermore, it’s a good idea to use multi-factor authentication to enhance your protection even further,” says Chad Hammond, security expert at NordPass.
How did NordPass calculate the time it takes to crack the password?
Breaking a simple 7-character password with no special symbols or uppercase letters can take as little as 0.29s. Add at least two characters, and the time to crack the password will increase to approximately 5 years. However, the time it will take to crack a password also depends on the computer the hacker uses. You can check how long it would take to crack a password here.
ABOUT NORDPASS
NordPass is a password manager powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease-of-use in mind, NordPass allows users to access passwords securely on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app trusted by more than 14 million customers worldwide. For more information: nordpass.com.
