Harvard University’s Information Security group says a good password for an online account has at least 10 characters with a combination of English uppercase and lowercase letters and numbers and symbols, like # or %.
The group suggests starting with a word you can remember and then modify it to meet these requirements. For example, the word “strawberry” could be modified into leetspeak – the convention that replaces letters with numbers and/or symbols – to spell out “$tRAWb3rry” and the result would be a fairly secure password. This type of password might not be the strongest, but it’s secure enough for your Facebook page or bank account.
According to NordPass, a proprietary password manager, many Americans are still using unmodified lowercase words or simple numeric combinations to verify their identities, resulting in common passwords that are widely shared and easy for software programs to break in as little as a second.
To compile a list of the most common passwords in the U.S. in 2022, 24/7 Tempo reviewed a recent study of passwords worldwide by NordPass, which worked with independent researchers specializing in cybersecurity incidents in 30 countries. (These are the countries with the most leaked passwords.)
The most frequently used passwords for U.S.-based online accounts include, “guest,” “monkey,” and, yes, “password” – most of which could be guessed almost instantly by anyone with rudimentary knowledge of cybersecurity and the right software. (You might be particularly vulnerable if you live in one of the states with the most identity theft.)
Apparently, there are a lot of sports fans among these careless American netizens, because other common easy-to-crack passwords used in this country include “football,” “soccer,” “baseball,” and the oddly specific “jordan23,” referring to basketball legend Michael Jordan. By the way, adding Jordan’s jersey number to the end of his last name doesn’t slow down password-cracking tools a bit.
Neither does using a string of numbers. The numeric password “123456789” or the four other variants that rank among the most common passwords in America, is not much safer than if you used just one number. Modern computational power surpasses your ability to imagine any numeric combination that would fit in the password window of a typical login page.
Even many seemingly esoteric passwords can be cracked. The 20th most common password in America, according to NordPass is “g_czechout.” The underscore and the unconventional spelling make the password harder to crack – it takes 12 days instead of just seconds or minutes. But this password would be more secure by orders of computational magnitude if you simply added numbers, uppercase letters, and a symbol to the combination.
Sponsored: Find a Qualified Financial Advisor
Finding a qualified financial advisor doesn’t have to be hard. SmartAsset’s free tool matches you with up to 3 fiduciary financial advisors in your area in 5 minutes. Each advisor has been vetted by SmartAsset and is held to a fiduciary standard to act in your best interests. If you’re ready to be matched with local advisors that can help you achieve your financial goals, get started now.