Is Your Password Predictable?

We all know that your security is at stake whenever you are connected to the internet, and that it requires extra caution. The first line of defense against internet attacks is a strong password. But when we are required to sign up at every online store or to access information, we get a little lazy. After all, why would somebody be interested in the account you used to order ornaments for an upcoming holiday? Why would anyone be interested in hacking your account at a hotel you visited last year? There are many accounts that we create online for one-time access and then forget about. Over time, many such accounts remain unattended.

Along with them are many other accounts that we use rarely. If you are lucky, then these accounts will remain untouched for a lifetime. But are we really secure online? Let’s find out.

Splash’s Survey:

The eighth iteration of Splash’s password list has been released, and after analyzing five million passwords leaked on the internet, it draws two significant conclusions: [1]

Despite massive attacks making headlines every year, users continue to use easy and predictable passwords, leaving their data at risk of being breached.
2018 was the fifth consecutive year in which “123456” and “password” retained the top positions among the most used predictable passwords. “Donald” and “666666” were new entries.

Common and Uncommon Passwords:

According to, there are around 4.4 billion internet users and 3.5 billion social media users, of which 3.3 billion access social media on mobile devices. [2] Still, the password ‘123456’ has been used 23 million times in the breaches collected by Troy Hunt in collaboration with the U.K.-based National Cyber Security Centre (NCSC). The report also identified that a complex password like ‘oreocookie’ has been seen over 3000 times on the internet. [3] NCSC concludes that the older generation is vulnerable to cyberattacks as they are less aware of the use of prominent passwords.

“Making good password choices is the single biggest control consumers have over their own personal security posture,” Troy Hunt. [5]

The Most Common Passwords Hacked

Users often create passwords which are closely related to them or, on the simplest note, are a series of numbers. The usual password formation ideas are as follows – [6]

1. Names:

Names are a common password theme: over 400,000 users each have the first names ‘ashley’ and ‘michael’ as passwords. Other common names are ‘daniel’, ‘jessica’ and ‘charlie’, each of which is used over 300,000 times. These passwords are the first names of the users. That means that if attackers get hold of the email addresses, they can easily crack the passwords using the users' first names.

2. Musical Bands

Bands are another common password theme: 285,706 users opted for ‘blink182’ as their password. Other common band names used as passwords are ‘metallica’, ‘eminem’, and ‘slipknot’, each used over 140,000 times.

3. Sport Teams

Among sports teams, ‘Liverpool’ wins the title, having been used by 280,723 users. Liverpool is a Premier League football team, and its followers have often used the name for their online accounts. Among the other top five Premier League football teams whose names are used as passwords, the popular ones are ‘chelsea’, ‘arsenal’, ‘manutd’ and ‘everton’. Users whose passwords relate to their favorite teams are the most likely to be hacked, as they often talk about their interests on social media, which makes it easier for an attacker to guess their password and crack their accounts.

The major problem with a simple password is that users are more likely to reuse the same password across multiple accounts. If the password for any one of their accounts is leaked, hackers can easily crack their other accounts.
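The checks a sign-up form can run against the password themes listed above, as an added example that is not part of the original article: it rejects the passwords the article names and any password built from the name in the user's own email address. The blocklist contents, function names and sample addresses are constructed for illustration.

```python
import re

# Constructed blocklist: only the passwords this article names. A real
# deployment would load a full breached-password list instead.
ARTICLE_BLOCKLIST = {
    "123456", "password", "donald", "666666", "oreocookie",
    "ashley", "michael", "daniel", "jessica", "charlie",
    "blink182", "metallica", "eminem", "slipknot",
    "liverpool", "chelsea", "arsenal", "manutd", "everton",
}

# Common character substitutions, undone before comparison.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(password):
    """Lowercase forms of the password that a guess list would also cover."""
    low = password.lower()
    # Drop trailing digits/symbols: "chelsea2019!" -> "chelsea"
    core = re.sub(r"[^a-z]+$", "", low)
    return {low, core, low.translate(LEET), core.translate(LEET)} - {""}


def email_tokens(email):
    """Name-like pieces of the local part: 'ashley.smith82' -> {'ashley', 'smith'}."""
    local = email.split("@", 1)[0].lower()
    return {t for t in re.split(r"[^a-z]+", local) if len(t) >= 3}


def screen_password(password, email):
    """Return why a password is predictable; an empty list means no rule fired."""
    reasons = []
    forms = variants(password)
    if forms & ARTICLE_BLOCKLIST:
        reasons.append("on common-password list")
    if forms & email_tokens(email):
        reasons.append("derived from email address")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, mail in [("Ashley2019!", "ashley.smith82@example.com"),
                     ("M3tallica", "jo@example.com"),
                     ("plum-Kettle-orbit-93", "ashley.smith82@example.com")]:
        print(pw, "->", screen_password(pw, mail) or "no rule fired")
```

An empty result only means none of these rules fired; it does not show that the password is strong or unique to this account.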

“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favorite band,” said Dr. Ian Levy, NCSC’s Technical Director.

NCSC’s “Have I been pwned” website contains 100,000 passwords, and you can use it to check whether your email has been pwned at any time. [4] If your email ID has been pwned, NCSC recommends changing your password immediately.

How to Avoid Being Hacked?

Using hard-to-guess passwords is a first step towards securing your account. One should be creative, choosing words that can be memorized but not guessed. Each of us must be cybersecurity-aware to protect our accounts from falling into the hands of attackers. EC-Council’s Certified Secure Computer User (C|SCU) is a recognized training program for every individual who works on the internet. It is a fundamental security-related program that brings awareness of cybersecurity habits and processes. Most importantly, the skills learned help students mitigate their security exposure.



