A study published last December by SplashData found that nearly 5 million passwords were compromised last year by various hacks, and some of these compromised passwords were woefully inadequate in terms of complexity.

Compromised passwords are still one of the top ways in which data is lost, emails are compromised, and how consumers lose data.  Many consumers are still using some of the old bad passwords that have time and again been listed as some of the worst combinations to use for their online accounts.

Here's a list of the top 25 most compromised passwords from 2018:

  1. 123456
  2.  password
  3. 123456789
  4. 12345678
  5. 12345
  6.  111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou
  11. princess
  12. admin
  13. welcome
  14. 666666
  15. abc123
  16. football
  17. 123123
  18. monkey
  19. 654321
  20. !@#$%^*
  21. charlie
  22. aa123456
  23. donald
  24. password1
  25. qwerty123​

As Managed IT Service providers, we've seen our share of terrible passwords, and that's why we know how imperative it is to take your online security seriously.  Hackers don't have to rely on sophisticated methods or tools to compromise an account; in most cases, they will try brutally forcing their way into an account by guessing a password like the ones listed above.  Make it harder on their lives by using a password that is not so easy to simply guess.

Want to check and see if you have an account that has been compromised? Check out the following site: haveibeenpwned.com

Hackers and other cybercriminals may use your login information to access other sites that use the same credentials.  This is why it's important to, at the very least, use a unique password to protect sensitive data, like financial accounts and medical records.

Despite the inefficiencies presented by using passwords as a security protocol, their use to protect account data isn't going anywhere anytime soon.  We recommend following the advice below to keep your accounts secure in 2019 and beyond.

  1. Don't use personal information in your password: Don't use personal information like your name, birth date, children's names, street addresses, or anything else that can be easily guessed or found out from public facing sites like social media accounts.
  2. Make it easy to remember, but not simple: Length is key to increasing complexity in a password, but it's not the only thing that can be used to increase security.  Using a long string of characters that is meaningful to you is helpful, but making them random is one of the best ways to having a secure account.  This can be difficult to remember though unless you have a password manager, like LastPass, for example.
  3. Don't re-use passwords: Using the same password across multiple accounts is only making it easier for hackers to compromise more of your data.  Having the same password is akin to making a skeleton key to your identity.  If one account is compromised, it's likely that all of your accounts using that password are as well.
  4. Use Two-Factor Authentication: Two-Factor authentication links your phone to your account.  Although it's not completely infallible as a means of securing your account, it adds just another layer of security to protecting your data.  Two-Factor authentication will link your phone to your account, asking you to enter a code sent to your phone after an initial login attempt.
  5. Use a Password Manager: For your accounts, it's a good idea to use a password manager to keep track of your passwords and help you remember passwords for all of your accounts.  Password managers have been hacked as well, however, and when they are hacked, the data held within can be considered compromised.  Password managers are great for generating complex passwords for you, but you should keep your password manager offline.  Using an encrypted thumb drive that is password protected or equipped with some kind of biometric measure is the safest way to storing your passwords.

Managing all of your online accounts and passwords can be a difficult task to accomplish, but it's key to keeping your data secure.  Following our recommendations above and using data safe-guards will protect your identity and information in the future.  If you're interested in learning more about keeping your data safe and secure, you can contact us today!