Cybercriminals use a variety of tactics to try to determine your passwords. And too many people make the effort easier by using weak and simple ones. A new study from Dojo on the most hacked passwords may be able to help you stay safer online by knowing which mistakes to avoid.
From the RockYou2021 collection of breached password lists, Dojo was able to examine more than 6 million such passwords. As a result, the firm uncovered the most commonly used passwords, their average length, and the most popular subjects that surfaced in a huge number of breaches.
First, though, what kind of tricks and techniques do hackers use to try to obtain your password?
One popular method is the brute-force attack, in which cyber crooks use automated tools to run through millions of potential passwords per second. A similar tactic is the dictionary attack, in which the bad guys check common words and phrases to try to guess your password. Some hackers will scour your social media accounts to find personal details that may play a role in your passwords.
Sent via email, text message, or phone call, the phishing attack is another popular scheme through which you're tricked into revealing a sensitive password. And sometimes passwords are stolen through malware that infects your PC without your knowledge.
Based on the findings from Dojo's analysis, the number and type of characters used in a password determine how quickly it can be hacked. Passwords with only lowercase characters are a popular but vulnerable pattern. Such a password with only six characters takes virtually zero seconds to crack. One with seven characters takes 0.12 seconds. And one with eight characters would take three seconds.
Even spicing up a password with an uppercase letter, a number, or a special character doesn't help much if the password is short or follows a familiar pattern. Passwords with eight characters that start with an uppercase letter appeared more than 4.5 million times in data breaches. Those that ended with a special character were found more than 3.5 million times.
Certain subjects and topics also lend themselves to hackable passwords.
Among the themes analyzed by Dojo, nicknames and terms of endearment were used in passwords more than 1 million times. Names of TV show characters popped up more than 455,000 times, while TV show names appeared more than 365,000 times. Other popular topics found in the breached passwords included colors, fashion brands, cities, countries, movies, body parts, car brands, pet names, swear words, and video game characters.
Drilling down to some of the categories, the passwords "King," "Rose," "Love," "Boo," "Hero," and "Angel" were the most popular ones among nicknames and terms of endearment. Common colors used as passwords were "Red," "Blue," "Black," "Gold," and "Green." And those who like to use video game characters for their passwords went with such choices as "Joel" (from The Last of Us), "Q*Bert," "Link" (from The Legend of Zelda), "Mario" (from Super Mario Bros), and "Ryu" (from Street Fighter).
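The patterns above can be turned into a check that a sign-up or password-change form runs before accepting a new password. The following Python sketch is an added example, not code from Dojo or the study; the `audit_password` function, its labels, and the 12-character minimum are assumptions, and it applies the capital-first and special-last findings to passwords of any length rather than only eight characters.

```python
import re

# Base words the article names as common in breached passwords
# (nicknames, colors, video game characters), lower-cased.
THEMED_WORDS = {
    "king", "rose", "love", "boo", "hero", "angel",
    "red", "blue", "black", "gold", "green",
    "joel", "q*bert", "link", "mario", "ryu",
}

MIN_LENGTH = 12  # assumed policy threshold, not a figure from the study


def audit_password(candidate):
    """Return the weak-pattern labels that apply to candidate (empty list = none)."""
    findings = []
    if len(candidate) < MIN_LENGTH:
        findings.append("too-short")
    # Lowercase letters only: the pattern the article calls popular but vulnerable.
    if re.fullmatch(r"[a-z]+", candidate):
        findings.append("lowercase-only")
    # Predictable decoration: the sole capital is first, the sole symbol is last.
    uppers = [i for i, c in enumerate(candidate) if c.isupper()]
    specials = [i for i, c in enumerate(candidate) if not c.isalnum()]
    if uppers == [0]:
        findings.append("capital-only-at-start")
    if specials == [len(candidate) - 1]:
        findings.append("special-only-at-end")
    # Strip leading/trailing digits and symbols, then compare the base word.
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", candidate).lower()
    if core in THEMED_WORDS:
        findings.append("themed-word")
    return findings


if __name__ == "__main__":
    # Constructed sample inputs, not passwords taken from the study's data.
    for sample in ["mario", "Angel123!", "tidal-Orbit-42-walnut-stove"]:
        print(f"{sample!r}: {audit_password(sample) or 'no listed pattern'}")
```

An empty result only means none of the article's patterns matched; it is not a strength score.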
Based on its analysis of the breached passwords, Dojo has cooked up a list of Do's and Don'ts designed to help keep your passwords safer and more secure.