Over the years, we have spoken repeatedly about the importance of a solid front line of cybersecurity defense – strong passwords. Robust passwords should be of a minimum number of characters, include complex character combinations (small and large capital letters, numbers, and symbols), vary across sites, and be changed periodically, particularly after a site has been hacked. Using password phrases increases your ability to recall complex passwords, or you can employ password managers to organize and protect your site passwords.

All of this is well known. Surprisingly, or maybe not surprisingly, however, these password prerequisites continue to be ignored. The list of worst passwords for 2020 is out, to the delight of potential hackers.  “123456,” “12345678,” “123456789” and “password” again found their way into the top five. Jumping several positions, “111111” held down the #6 position, “123123” was at #7, “12345” was at #8, and “1234567890” was at #9. In a sly attempt to throw off sophisticated, but perhaps not bilingual, hackers, “senha” (Portuguese for “password”) rounded out the top ten, immediately followed by “1234567” at #11, and “1234” at #16 (detecting a pattern?). Possibly reflecting the pandemic-related reduction in sporting events, “football” and “baseball” plummeted entirely out of 2020’s top 20.

According to NordPass, 20 of the 25 worst 2020 passwords can be hacked in less than one second.  Following the guidelines in our Secure Password Creation Suggestions can easily extend that one second to between 180 and 16,000 years. Few hackers have that much patience.

Fix your passwords, starting today. Strive for complex passwords with simple password management, since “simplicity is the ultimate sophistication” (Leonardo da Vinci).