The list of the most used passwords of 2022, which Nordpass has just published, confirms that the majority of users we continue to violate the basic rules for its creation and maintenance.

No way boy! Although passwords are admittedly an unattractive security method for users, they are still the preferred authentication method for accessing Internet services or logging into operating systems, applications, games, and all types of machines.

And we don’t seem to be aware of it in light of a list compiled by a company specializing in password managers, which is created by analyzing the large data breaches that occur each year in attacks on massive services. The result, as you will see, is not good.

The most used passwords of 2022

The list of the worst most used is unfortunate, it is repeated year after year and they confirm it we are a bargain for cybercriminals they don’t even have to use advanced hacking methods.

Most of the most used ones, the old ones known as “123456”, “111111”, “qwerty” or “password”, take less than a second to decrypt by running a command that checks the most used ones. And not even that, because with a simple test they would gain access to the accounts. The world list is not wasted:

Specifically in Spainthe violation of basic rules during its creation is repeated in front of the rest of the world, and the usual numerical ones abound:

How to create strong passwords

We make it very easy for cybercriminals. Users are by nature “lazy” or carefree, although we are at stake by revealing our digital lives, which include both professional and personal matters. And financial… The most sought after for obvious reasons.

The recommendation is usual. Must try to create with basic rules which are part of any cyber security manual and provide the do’s and don’ts of creating and using passwords. We remind them again:

• Don’t use typical words or common numbers.
• Do not use personal names, animal names or dates of birth.
• Combine upper and lower case letters.
• Combine numbers with letters.
• Add special characters.
• Extend the term with the largest number of digits.
• Do not use the same password on all sites.
• In particular, use specific passwords and as strong as possible for banking and online shopping sites where we expose our financial information.
• Protect your password from any third party.
• Never share your password with anyone. Not even in supposedly official requests from emails or messages from messaging services, as these are usually phishing attacks impersonating your identity.
• Change username and email.
• Reinforce the use of passwords whenever features such as two-factor authentication (2FA) or biometric systems, fingerprint sensors or facial recognition are available.
• Cleaning up online accounts that we don’t use as routine maintenance.
• Check that your passwords are not hacked. Have I Been Pwned is a good place to look.

password managers

It’s nearly impossible for a human internet user to securely manage credentials to access the hundreds of accounts we’re sure to subscribe to. There are a group of applications that are very useful. Basically this type of software reduces human error in password managementbecause it automates the process of generating and accessing websites and services.

Passwords created by these administrators are of course highly secure and meet standard standards for size and complexity. They also help against phishing attacks by instantly identifying characters from other alphabets, adding a huge advantage: just remember the master password and the manager will take care of the rest.

Apps like the renowned LastPass and other commercial and/or paid apps may sound familiar to you, but from our handy section we once suggested these five completely free open source solutions that our users really liked. A big advantage of open source administrators is the ability to audit the software and keep the credentials under your control, install it and host it yourself on our own computer. We recall the most interesting ones:

KeepPass. It’s the “granddaddy” of open source password managers and has been around since Windows XP. KeePass stores passwords in an encrypted database that you can access using a password or digital key. You can import and export passwords in many different formats.

Bitwarden. Specially designed for LastPass users looking for a more transparent alternative, it works as a web service that you can access from any desktop browser, while Android and iOS have their respective mobile apps. Bitwarden can share passwords and has secure access using multi-factor authentication and audit logs.

Passbolt. A self-service password manager designed specifically for work teams. Integrates with online collaboration tools such as browsers, email or chat clients. You can host the program on your own servers to maintain complete control over your data, although teams without experience or infrastructure can use a cloud version hosted on company servers.

pson. Psono is another option for teams looking for open source enterprise password management software. It is a self-hosted solution that offers a beautiful web client written in Python with source code available under the Apache 2.0 license.

team pass. A team-oriented manager with a basic offline mode that we like, where it exports your items to an encrypted file that can be used in places without an internet connection. Teampass isn’t the prettiest app in the world, but the design is amazing and you can quickly define roles, user permissions, and folder access.

Managers in browsers

If you don’t want to use a third-party manager, another option is to use the password managers of the browsers themselves. Chrome, the leader in the segment, has significantly improved its operation and capacity in the latest versions, including features offered by the specialized ones mentioned above, such as the detection of compromised passwords, warnings when creating a weak password or a very simple edition. from it in its own administrator.

The administrator stores them securely, allows them to be managed in chrome://settings/passwords, and uses them to populate the username and password fields the next time you visit the site. Very similar to what Mozilla did Firefox with its “Password Manager” which is one of the best in web browsers. The new Chromium-based Microsoft Edge also has its own manager that offers the very basics of a dedicated manager.

A new reminder this World Password Day 2021 to raise awareness of the need to invest a few minutes of your time in looking after a key element of the security of your internet and your digital home. And there are no excuses. We have information and resources. Let’s not make it easy for the enemies of others.