Published on 03:24 PM, October 03, 2023

Study reveals the most commonly compromised passwords

The use of weak and vulnerable passwords is a significant security risk. Find out if you have been using any of the most commonly compromised passwords currently known.

In today's digital age, passwords are the first line of defence against unauthorised access to our online accounts. However, despite the increasing awareness of the importance of strong passwords, many individuals and organisations still fall victim to cyberattacks due to weak or commonly compromised passwords.

Specops Software, an international password management company, has recently released in-depth research on the most commonly compromised passwords and whether password length enhances online security. Take a look to see if, by chance, you have been using any of the weakest passwords currently known.

Most commonly compromised passwords

The most commonly compromised 8-character passwords are 'password', 'research' and 'GGGGGGGG'. 8-character passwords, whether they contain numbers, upper case, lower case, symbols, or a combination of all of these, take the shortest time for hackers to crack, and 8-character passwords made up of only numbers or only lowercase letters can be cracked instantly.

Moving on to 9-character passwords, 'GGGGGGGGG', 'anandiGBZ', and 'cleopatra' top the list of the most hackable passwords. From there, 'OOOOOOOOOO', 'GGGGGGGGGG', and 'passwordGG' are the 10-character passwords that appear on the list.

For 11-character passwords, there are 'Sym_cskill', 'sym_cskillO', and 'Foxracingll'. For 12-character passwords, there are 'sym_cskillOT', 'sym_cskillOG', and 'sym_cskillOB'.

The passwords 'mcafeeptfcorp', 'CitrixTargusl', and 'rubyflankerG' are the most vulnerable at 13 characters, with 'hacktheplanetl', 'trendmicro.com', and 'minecraft.A.S' at 14 characters. Even the 15-character passwords 'SY&cutskillsIO', 'Sym_newhireOEIE', and 'sym_newhireOAIE' made the list.

Specops notes that the phrase 'new hire' appears commonly in 15-character passwords, specifying that IT admins should avoid predictable passwords like these when creating office accounts for new employees. This pattern also shows that employees often do not change their passwords and stick with the default one set by the office IT team.

Does a longer password equal more security?

While even 15-character passwords are not immune to hacking attempts, Specops notes that an average of 85% of the compromised passwords were under 12 characters in length. So, following that pattern, it does take longer for a hacker to crack a lengthy password as opposed to a short one.

For example, a password with 22 characters with a unique combination of numbers, upper and lower cases, and symbols, would take about 2 septillion years for a hacker to crack, whereas a 13-character-length password with numbers only can be cracked instantly.

Nonetheless, lengthy passwords alone may not guarantee immunity from compromise, especially in the face of phishing and various social engineering tactics. The more significant concern lies in attackers gaining access to a repository of passwords from less secure websites or SaaS applications. Thus, being vigilant against all forms of malicious attacks is the key to a secure online account.
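The patterns described above (passwords under 12 characters, a single repeated character, and a predictable base such as 'new hire' with a short suffix) can be screened for when an account is created. The following is an added example, not code from Specops or from the original article; the deny list, the 12-character threshold as a policy minimum, and all function names are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed deny list: base terms taken from passwords quoted in the article.
BASE_TERMS = ("password", "newhire", "sym_cskill", "research", "cleopatra")
MIN_LENGTH = 12  # the article: 85% of compromised passwords were under 12 characters
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def normalise(pw):
    """Lower-case and drop separators so 'Sym_newhire' and 'sym-NewHire' compare equal."""
    return re.sub(r"[\s_\-.]", "", pw.lower())


def screen_password(pw):
    """Return the reasons a password should be rejected (empty list if none)."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if len(set(pw.lower())) == 1:
        reasons.append("repeated_char")
    flat = normalise(pw)
    for term in BASE_TERMS:
        if normalise(term) in flat:
            reasons.append("base_term:" + term)
    return reasons


def generate_initial_password(length=16):
    """Random per-account initial password, regenerated if it fails the screen."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not screen_password(pw):
            return pw


if __name__ == "__main__":
    # Sample inputs are passwords quoted in the article.
    for sample in ("GGGGGGGG", "passwordGG", "sym_cskillOT", "Sym_newhireOEIE"):
        print(sample, screen_password(sample))
    print(generate_initial_password(), "-> accepted")
```

A real deployment would compare against a full breached-password list rather than this short constructed one.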