Not a week goes by without news of some minor or major leak of user data from popular online services. Among other things, these leaks show that many people still ignore the basic rules for creating strong and secure passwords.
These are the most frequently repeated passwords among those that have fallen into the hands of cybercriminals. The top ten are as follows:
- 123456
- admin
- 12345678
- 123456789
- 1234
- 12345
- password
- 123
- Aa123456
- 1234567890
If you have seen the worst-password lists from previous years, you will notice that the ranking remains almost unchanged. NordPass data shows that “123456”, the first password in the list, was used 4.5 million times. Behind it is “admin” with over 4 million records, and third place goes to “12345678” (used 1.3 million times).
NordPass – worst passwords of 2023 (source: NordPass)
According to experts, hackers could crack most of the top 100 passwords in less than 1 second. An exception is the entry “UNKNOWN” in 11th place (used 240,000 times), which takes 17 minutes to figure out. Longer still is the 40th position in the ranking, the phrase “Eliska81” (used 75,000 times), which would take three hours to find.
How long does it take for a hacker to guess your password? photo: Gazeta.pl / source: Security.org / Statista
How to protect yourself against account theft?
Rule 1: Strong password
A strong password should consist of several characters, including lower and upper case letters, numbers and special characters. It is worth remembering the principle of one account = one password. Using the same password for all services is a gift to criminals. It’s as if we handed them a master key to our online identity.
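One way a sign-up form could enforce Rule 1 and reject the passwords named above. This is an added example, not part of the original article; the function name `screen_password` and the 12-character minimum are assumptions, since the article gives no exact length.

```python
import string

# Passwords named in the article: the NordPass top ten plus the two
# entries singled out for taking longer to crack.
LEAKED = {
    "123456", "admin", "12345678", "123456789", "1234", "12345",
    "password", "123", "Aa123456", "1234567890", "UNKNOWN", "Eliska81",
}
# Compare case-insensitively so "PASSWORD" or "Admin" are caught as well.
LEAKED_FOLDED = {p.casefold() for p in LEAKED}

MIN_LENGTH = 12  # assumption: the article does not state a minimum length


def screen_password(candidate: str) -> list[str]:
    """Return the reasons a candidate fails; an empty list means it passes."""
    problems = []
    if candidate.casefold() in LEAKED_FOLDED:
        problems.append("appears in the leaked-password ranking")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # Rule 1: lower and upper case letters, numbers and special characters.
    # Only ASCII punctuation counts as "special" in this sketch.
    classes = {
        "lowercase letter": any(c.islower() for c in candidate),
        "uppercase letter": any(c.isupper() for c in candidate),
        "digit": any(c.isdigit() for c in candidate),
        "special character": any(c in string.punctuation for c in candidate),
    }
    problems += [f"no {name}" for name, present in classes.items() if not present]
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: three from the ranking, one made up.
    for pw in ("Aa123456", "Eliska81", "PASSWORD", "river-Lamp7-quiet"):
        print(pw, "->", screen_password(pw) or "ok")
```

“Aa123456” and “Eliska81” mix upper case, lower case and digits, yet both are rejected because they appear in the ranking, which is why a leaked-password check belongs alongside the character rules.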
Rule 2: Secure password
Take care of your password and do not share it with anyone. It is a bad idea to save it in publicly accessible places or in the cloud. Never send your password by email. If you have forgotten your password and use the password reminder function, remember the new password and then delete the received message.
Rule 3: Pay attention to HTTPS
If you log in to your e-mail client from a web browser (so-called Webmail), make sure that the connection to the server is encrypted. In this case, the website address starts with “https”.
Rule 4: Activate two-step account verification
Most email providers offer this option. Two-step verification is an additional layer of security for our account. When logging in, the user must enter not only the name and password, but also a verification code sent by SMS to the telephone number provided during registration. For Gmail, you can also use the Google Authenticator mobile app.
Rule 5: Beware of suspicious emails
Caution and common sense are the best weapons in the fight against potential threats online. Whenever you receive a suspicious email in your inbox, answer five simple questions:
- Do you know the sender of the message?
- Have you received other messages from this sender before?
- Did you expect to receive this message?
- Does the message title and attachment name make sense?
- Does the message contain malware?
If the answer to any of these questions is “NO”, then do not open the email and do not reply to the sender.
Also remember that banks, companies offering online payment services, as well as social networking sites never send messages to customers asking them to provide login passwords or other sensitive data. If you received such an email, the sender is probably a scammer.
Source: Gazeta

Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.