It’s hard to find anything good to say about passwords, to be honest. Either you hate them or you hate them. While the push toward passkeys as a more secure alternative is ongoing, most of us are stuck with password protection for most of our accounts right now. This is a problem, given the high-velocity brute-force password attacks against Microsoft users, weak router password security issues, 2FA bypass attacks, and Google login hacking tactics being exploited. All of this makes using a strong and secure password a must, something the people on this recently published list are certainly not doing. Here’s what you need to know and the passwords you need to change now.
Change your password now if it’s on this list
Security researchers from anyIP, a mobile proxy service, have analyzed the results of research undertaken by NordVPN, which revealed the 200 worst passwords used during 2024. I’m not interested in the old chestnut of “this password can be cracked in less than a second” hacking speed when it comes to password security or strength, because those measurements are arbitrary at best and dangerous at worst. Even so, I can’t deny that the top ten “most hacked passwords” list is one that any user who cares about the security of their account should stay far away from.
anyIP researchers found that, unfortunately and very reliably, “password” was the most used of these intolerably weak and useless passwords. The rest of the list was no more comforting to a veteran cybersecurity professional who has been spreading the word about the importance of secure password use for three decades. In second place was the keyboard pattern qwerty123, followed by qwerty1 and 123456. Being a UK-specific list, this included UK-specific country names and sports teams, but every geographic region would see a similar pattern of weak passwords; just replace those cities and teams with your own.
“These findings highlight the alarming prevalence of predictable and easily hacked passwords,” said Khaled Bentoumi, co-founder of anyIP. “Hackers are using increasingly sophisticated tools to breach accounts in seconds, and relying on weak passwords is akin to leaving the front door open.” Bentoumi is not wrong; the idea that convenience still trumps security for many users reflects poorly on the cybersecurity industry that hasn’t done better, and on commentators like myself who don’t get the message about weak security across any more successfully.
What users should do now to mitigate the risk of password hacking
As mentioned, switching to a passkey-based login process is recommended wherever available. You can try a simple demo at Passkeys.io and see how painless they are to use and create. The advantage from a technology perspective is that passkeys are impossible for hackers to guess or intercept, although nothing is 100% secure. They are not shared during the login process and the keys are randomly generated to begin with.
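The property described above, that nothing secret is sent during login, can be seen in this added example (not from the original article): a simplified Node.js model of a passkey login, not the full WebAuthn protocol. The Authenticator and Server classes and the user name alice are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Simplified model of a passkey login; all class and user names are hypothetical.
class Authenticator {
  constructor() {
    // The key pair is generated randomly on the user's device.
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.publicKey = publicKey;    // handed to the site at registration
    this._privateKey = privateKey; // never leaves the device
  }
  // Prove possession of the private key by signing the server's challenge.
  sign(challenge) { return crypto.sign(null, challenge, this._privateKey); }
}

class Server {
  constructor() {
    this.publicKeys = new Map(); // user -> public key (no secret is stored)
    this.pending = new Map();    // user -> outstanding one-time challenge
  }
  register(user, publicKey) { this.publicKeys.set(user, publicKey); }
  // Issue a fresh random challenge for each login attempt.
  startLogin(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  // Verify the signature over the pending challenge, then discard it.
  finishLogin(user, signature) {
    const challenge = this.pending.get(user);
    const publicKey = this.publicKeys.get(user);
    this.pending.delete(user); // single use: a captured reply cannot be replayed
    if (!challenge || !publicKey) return false;
    return crypto.verify(null, challenge, publicKey, signature);
  }
}

function demo() {
  const device = new Authenticator();
  const server = new Server();
  server.register('alice', device.publicKey);
  const signature = device.sign(server.startLogin('alice'));
  const firstLogin = server.finishLogin('alice', signature);
  server.startLogin('alice'); // a new attempt gets a new challenge
  const replayed = server.finishLogin('alice', signature); // old reply reused
  return { firstLogin, replayed };
}
```

Only the public key and a signature over a one-time challenge cross the wire, so an intercepted login reply is useless for a later attempt.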
Here’s a tip to make your passwords more secure: generate them randomly using a password manager to ensure strength, complexity, and uniqueness. Never reuse your passwords, although if it’s something like password or qwerty123, that would be the least of your problems.