Easy-to-guess words and figures still dominate, alarming cysbersecurity experts and delighting hackers

It is a hacker’s dream. Even in the face of repeated warnings to protect online accounts, a new study reveals that “admin” is the most commonly used password in the UK.

The second most popular, “123456”, is also unlikely to keep hackers at bay.

It’s not just a problem here – Australians, Americans and Germans also use “admin” more than any other password when accessing websites, apps and logging in to their computers. Around the world, “123456” emerges as the most popular.

  • Jimbabwe@lemmy.worldEnglish
    3·
    2 days ago

    Invent your own hashing algorithm. It’s easy, fool-proof, secure, and reusable without compromising security.

    Here’s a few examples: ebay.com password is moc.y4b3-saltyboi69 lemmy.world password is dlr0w.ymm3l-saltyboi69

    (These aren’t real btw)

      • Zaktor@sopuli.xyzEnglish
        4·
        2 days ago

        Most compromised passwords are used by script kiddies in mass attacks, not targeted attacks by elite hacking squads. If a password fails verbatim, they just move on to the next compromised account of millions, not develop pattern recognition software to try to figure out replacement candidates for each website.

        • Jumuta@sh.itjust.worksEnglish
          1·
          22 hours ago

          Association attacks exist in the wild.

          Let’s say that this is their ebay account. In that case the reward for unlocking each account is very high, so attackers (even in mass attacks) have incentive to put in more work as long as the work cost per account hacked is less than the average reward and there is a net profit.

          I assume in this day and age it’s probably also viable to use LLMs for password guessing, as long as it’s for a high value account. That unlocks a whole another can of worms and if it was me I’d never use low entropy passwords like “moc.y4b3-saltyboi69”

          Perhaps this kind of password is viable if it’s for an online service that implements rate limiting, but you also have to consider the case that a site gets hacked and their encrypted database (encrypted by each user’s password) makes it onto the web. This has happened a lot recently and makes it ridiculously easy for people to throw their GPUs at the task.