If you purchase via links on our site, we may receive affiliate commissions.

Weakest passwords of 2022

18 November 2022

Lead graphic for password story — Image by Cybernews

High numbers of people are still using easily guessable passwords such as swear words, celebrity names, cities, animals, or keyboard sequences, with half of those observed consisting of just one word, according to fresh research.

Most popular passwords ranged from the banal – “123456” or “admin” – to the obscene, with curse or swear words like “ass” and “tit” making the top 10 uncovered by the Cybernews research team.

As well as using words that were crude, either in terms of their meaning or lack of sophistication, symbol combinations were rarely up to par with the standards recommended by cybersecurity professionals.

For instance, just 1% of observed passwords featured all the recommended criteria – both upper- and lower-case characters, numbers, and special symbols like the $ sign – while 15% consisted of just four characters.

This lack of sophistication, or entropy, makes passwords all too easy to guess during brute-force attacks – wherein a cybercriminal, often using AI-derived tech, enters multiple combinations to try to guess their way past a system’s defenses – as Cybernews research team leader Mantas Sasnauskas explained.

“Complexity equals entropy, or how much information is stored in a given password,” said Sasnauskas. “More entropy means the data is more chaotic, and chaos is good – that’s why it’s important to have randomly generated passwords, because they contain a lot of entropy and are more resistant to brute-force attacks.”

All data observed by the team was anonymized, ensuring that users’ sensitive data was in no way compromised. Categories compiled included cities, countries, company names, food and drink items, and names of famous people. To learn more about what Cybernews uncovered, please click here to read the full article.