When it comes to updating passwords, we are creatures of habit — and change is hard. But hey, it’s 2020 and it may be time to beef up your security game because, according to new research, people are still using easy-to-hack passwords like “123456789,” the word “password,” and “iloveyou.”

Of the 200 worst passwords, “123456” is the most commonly used in 2020, with 2,543,285 people choosing it. That password takes less than a second to crack.

How hackable are your passwords?
Despite multiple reminders from cybersecurity experts, after comparing the list of the most common passwords of 2020 to that of 2019, there is little to no difference — aka: we haven’t learned much.

The list of passwords was created by a third-party company specializing in data breach research. In total, they looked at a database with 275,699,516 passwords. New to the Top 10 this year is “picture1” and “senha” which means “password” in Portuguese.

The Top 10 most common passwords in 2020 were: Drumroll please……….

  1. 123456
  2. 123456789
  3. picture1
  4. password
  5. 12345678
  6. 111111
  7. 123123
  8. 12345
  9. 1234567890
  10. senha

If your password is on the list, it’s probably time to make a change.
Try to avoid using dictionary words, predictable number combinations, or strings of adjacent keyboard combinations. And this should go without saying — but under no circumstances should you use a password-based on any personal details like your phone number, birth date, or name.

Security experts suggest changing your passwords every 90 days with a mix of upper and lowercase letters, and creating a different password for each of your accounts.

Now that you’re finally convinced it’s time to change your passwords, let’s make sure your NEW password is secure.

Password managers and checking new passwords
To really make sure your passwords are as strong as they can be, use a password manager to make sure your passwords are strong, long and unique. We use and recommend LastPass which still offers a FREE version of its application for individuals as well as 2 inexpensive upgrades if you want to share it with your family. https://www.lastpass.com/pricing

When you make a password up, or a password manager like LastPass generates one, check the new password to make sure it’s not among the hundreds of millions of known compromised passwords at https://haveibeenpwned.com/Passwords before you use it.

HaveIBeenPwned shows us that “correcthorsebatterystaple” has shown up 120 times in data breaches, but that, surprise, “dijskb” has not been seen. Neither has “F1n3!$od4?Bu1Ld1ng#4ccur4cy” or the phrase it was based on, “finesodabuildingaccuracy”. But don’t use either of those as your own password, because the fact that we’ve posted them here online means they’re already kind of compromised.

And, finally, set up two-factor authentication on every account that allows it. Settle for the texted-code factor if that’s all that’s available. If possible, use authenticator apps like Google Authenticator instead. That way if your password is hacked, the hacker still needs a second form of authentication to break into your account(s).