Hindustan Times ST (Mumbai) - HT Navi Mumbai Live

What’s the magic word?

If we seem to agree on anything as a species, it would appear to be passwords. The silliest ones remain the most common, and the easiest to hack. Are you a culprit, or a rare outlier?

- Natasha Rego natasha.rego@htlive.com

It doesn’t say much for us as a species that the password “password” was used over 20 million times in 2021. Over half a century after these first became necessary in the digital world, the (let’s just say it) silliest password one could use is still the fifth-most-common one in the world, according to software company NordPass. It is also the most commonly used password in India.

Analysts at NordPass, the password-management services arm of digital security company Nord Security, analysed a 4TB database from across 50 countries, drawn from independent cybersecurity researchers, to create its list of 200 most commonly used ones. The list, released in November, is up on nordpass.com, so everyone can try and do better.

At the top of the global list are gems such as 123456 (used over 100 million times in 2021); 123456789 (46 million times); 12345 (32 mn); and qwerty (20 mn). These are all passwords that would take a hacker less than a second to crack.

An unusual variant, at #66, is the name Michael. Is he going around breaking hearts or taking hostages? Who knows. Names are used frequently as passwords, but most countries have a distinct list of favourites. Superman, samsung and fuckyou are among the other surprises on the NordPass global 100.

Dil Hai Hindustani?

Each country has a telling list of specific passwords that are poor as far as password strength goes. In India, such passwords include india123 and Indya123; names such as priyanka, sanjay, rakesh; and, particularly among women, terms of endearment such as sweetheart, lovely, and iloveyou.

In the UK, a corresponding list features liverpool1, arsenal1 and Chelsea; in France, it’s tiffany, loulou, marseille, and doudou. Loyalty and love are all very well, but they make for very poor passwords, analysts say.

So, decades into the internet revolution, why are we still going so wrong? Part of the problem is the sheer number of passwords now required by the average individual. This creates a sort of hierarchy of security efforts. One strives to protect email IDs and social-media accounts, but then there’s Netflix and Amazon, grocery platforms and ticketing apps. According to NordPass, the average person uses between 80 and 100 platforms that require passwords.

This means that “unless you have a clear system, or use a password manager, there is no way to memorise all of these passwords if they are indeed lengthy and secure,” says Gediminas Brencius, head of product at NordPass. “So people tend to go with easy-to-remember passwords such as 123456 or their own name, at least some of the time.”

Over and over

This year marks NordPass’s third annual list of most common passwords. Previous lists of passwords that were most insecure, most hackable etc, dating back to 2011, all show similar patterns, however.

“Clearly, human beings think very similarly when it comes to tackling this problem,” says Shivani Singh, digital security and operations manager at the digital advocacy group Internet Freedom Foundation. “Another thing people still do is use personally identifiable information in passwords, like a birthday or a pet’s name or an anniversary, information that can be accessed in the public sphere, which makes it susceptible.”

A third bad practice is the repeat and reuse of passwords. It’s tempting to do, especially when the site one is signing up on seems relatively risk-free, say, a free game or sleep tracker.

It’s important to remember, Brencius says, that there’s a lot at stake here too. For one thing, in doing this, one jeopardises all the other accounts using that password. “Platforms that don’t hold a lot of sensitive information often have laxer security measures. So there is a higher chance that this account would get hacked or that the password / login combination could be used in credential-stuffing attacks (where hackers use compromised credentials to breach another system).”

NordPass, of course, recommends using NordPass for best results. But various other password manager tools are available. Or, you could just use your imagination. “Just make sure passwords are strong and unique,” Singh says. “People are now using passphrases, for instance, like a favourite quote or lyrics from a song.”

AT #1 ON THE LIST OF MOST COMMONLY USED PASSWORDS IN THE WORLD IS 123456. ILOVEYOU IS AT #22; DRAGON AT #38; AND, ODDLY, MICHAEL AT #66
