Passwords have become an unavoidable part of our everyday lives, at both work and home, but many of us are still falling victim to some very bad habits.
What’s worse, over half (51%) of people were also found to be using the same passwords for both work and personal accounts, meaning that if just one of your logins is compromised, it could affect every other one you own.
Bad password habits
The company analyzed over six million leaked passwords to examine the most commonly used password patterns and how people’s passwords are hacked.
Overall, Dojo found the most common password patterns feature 6-10 characters, with 457,212 password patterns found to contain six characters, which could be guessed in less than a second.
The most commonly-found format pattern featured eight lower-case letters, such as “iloveyou”, which was seen in 365,174 of the examined passwords. Although easy to remember, the simplicity also means the password is straightforward to guess, with hackers able to crack it in around three seconds.
Also popular were six lower-case letters (263,333 passwords), which can be guessed instantly, along with six digits (193,879 passwords) and six lower-case, then two digits, such as “london89”, (132,885 passwords) which could also be cracked in a matter of seconds.
Using an upper-case letter followed by eight lower-case letters, eg “Wednesday” was found in over 120,000 passwords, with four lower, then four digits, eg “alia1990” also proving popular (85,547 passwords).
The most commonly hacked password categories were found to be those involving pet names or terms of endearment, with the likes of ‘King’ (948,203), ‘rose’ (30,506) and ‘love’ (19,310) being widely used. Colors were also a popular choice, with ‘Red’ (331,000 passwords), ‘blue’ (4,423) and ‘black’ (3,360) all commonly-used.
How to keep your passwords safe
To help users keep their accounts safe, Dojo recommends users create longer passwords that include special characters. Doing so will make it harder for hackers to guess a password, as they will need to try more password combinations – with the company noting that a password with 10 characters including special characters could take hackers up to 33 minutes to access.
The company is also advising the following tips:
- Use a mix of special characters, numbers and capital letters. Including a range of upper and lower-case letters, as well as numbers and symbols (such as $ £ !) this makes passwords more secure and harder to hack.
- Aim for a long password with a minimum of 8-12 characters. The longer the password, the better. Longer passwords require more time to work out combinations and hackers looking for a quick win may be deterred.
- Use multi-factor authentication. Two-factor authentication requires hackers to get through two layers of security checks before they can get onto your account.
- Use a password manager. When creating multiple unique passwords, it can be tricky to remember them all. Instead of writing passwords down or on your phone’s notes, there are secure apps and websites where you can safely store these passwords instead.
- Change your passwords. If you have any concerns that a password has been compromised be sure to change the password to reduce the risk of your accounts being compromised.