On a given day, it must feel like you enter your password 100 times a day. You use it when you access your email, check your banking app, or log into Instagram to post the amazing meal you’re eating (#nomnomnom). An easy-to-remember password is crucial to getting into all of your accounts, right?
Well, you may not want it to be one of these passwords.
SplashData, a password management provider, compiles a list of the 100 worst passwords every year from leaked passwords. Here are the top 20… are you on here?
1. 123456 (Unchanged)
2. Password (Unchanged)
3. 12345678 (Up 1)
4. qwerty (Up 2)
5. 12345 (Down 2)
6. 123456789 (New)
7. letmein (New)
8. 1234567 (Unchanged)
9. football (Down 4)
10. iloveyou (New)
11. admin (Up 4)
12. welcome (Unchanged)
13. monkey (New)
14. login (Down 3)
15. abc123 (Down 1)
16. starwars (New)
17. 123123 (New)
18. dragon (Up 1)
19. passw0rd (Down 1)
20. master (Up 1)
From this list, a few things are apparent. One, Game of Thrones is clearly increasing the popularity of “dragon” as a password (we keep seeing it go up every year!). And two, we’re not learning from our mistakes, especially when news of major data breaches happens every year. So, what should you do?
Is your password on this list?
Change it immediately. If you’re using a similar type of password for any of your WCM accounts, you can change your password at identity.weill.cornell.edu.
Forget passwords. It’s all about passphrases.
Dictionary words are fairly easy for hackers to figure out. What’s more difficult to crack is a passphrase developed from a short sentence you’ll easily remember. See how it works in this video from TIME (or use a tool like Lastpass to help create, store, and encrypt your passwords):
And don’t forget that two-factor authentication!
Even if a hacker manages to figure out your password, using Duo prevents them from accessing your accounts. Duo sends a separate notification to another device (usually your smartphone) asking you to verify whether it’s really you who’s logging in.
October is National Cyber Security Awareness Month, an annual collaborative effort between government and industry to ensure we have the resources you need to maintain your security online. Throughout October, we’ll be sending you tips on protecting your information and avoiding malicious attempts to extract your personal data. See our past tips here.