Avoid These “Most Common Passwords of 2022” at all Costs
As IT professionals, our team at BSC Solutions Group has seen it all when it comes to bad or dangerous passwords. We know, however, that you have the best of intentions when creating your passwords, passcodes and usernames, which is why we like to provide this up-to-date list of the weakest or worst passwords in 2022.
We’ve also included some basic information on different types of data breaches and how you and your team can create iron-clad passwords.
We’ve included our previous list of the worst 25 passwords in 2019 to show how similar these dangerous, terrible, awful, risky passwords are. You get the picture, they’re bad.
From Splashdata, here are the twenty-five worst passwords of 2022:
As an example, the password “Password” has jumped to the #2 spot and 123456 is still #1. If you’re using any of these 25 passwords, you are going to want to change them immediately.
| Rank | 2019 | 2022 |
| 1 | 123456 | 123456 |
| 2 | 123456789 | Password |
| 3 | Qwerty | 12345678 |
| 4 | Password | Qwerty |
| 5 | 1234567 | 12345 |
| 6 | 12345678 | 123456789 |
| 7 | 12345 | Letmein |
| 8 | Iloveyou | 1234567 |
| 9 | 111111 | Football |
| 10 | 123123 | Admin |
| 11 | Abc123 | Iloveyou |
| 12 | Qwerty123 | Welcome |
| 13 | 1q2w3e4r | Monkey |
| 14 | admin | Login |
| 15 | qwertyuiop | Abc123 |
| 16 | 654321 | Starwars |
| 17 | 5555555 | 123123 |
| 18 | Lovely | Dragon |
| 19 | 777777 | Passw0rd |
| 20 | Welcome | Master |
| 21 | 888888 | Hello |
| 22 | Princess | freedom |
| 23 | Dragon | Whatever |
| 24 | Password1 | qazwsx |
| 25 | 123qwe | Trustno1 |
Other common passwords that are too risky to use include:
- Partner or spouse’s names
- DOB
- Digits from a phone number
- ATM password
- Nicknames
- Pet’s name
As you can see from the list, common phrases and even some pop culture references are commonly used by hackers. Starwars is back on the list of most common passwords for 2022, having dropped off back in 2017, but classic characters like princess and dragon are perennial.
How Do Data Breaches Happen?
A data breach happens when a hacker or cybercriminal accesses, infiltrates and steals confidential data. This can mean stealing data from a personal, public or business PC either at the computer itself or via remote access to the network.
Cyberattacks can take many forms from malware to phishing to password sniffing to employee leaks to stolen computer hardware and many more. The most typical techniques that attackers use to perpetrate data breaches are discussed below.
Ransomware
Ransomware is software that freezes access to or gains control of your data. With control of your data and system, the hackers will demand a ransom to relinquish control.
Common Target: Much of the private sector and government enterprise.
Malware
Malware, also known as “malicious software,” describes any program or code in excess of the usual number of normal tasks that behaves in harmful ways while probing other systems.
Malware has been designed to infect computers and is often known to appear as a warning against potentially harmful software. This false warning can cause users to panic and download this software, without realizing that it’s really malware. Malware can encrypt and hijack a computer and its functions in no time.
When you visit untrustworthy websites, download infected files or click on malicious email links or attachments, the security of your computer can be damaged.
Common Target: Businesses of all sizes and individuals
Phishing
A common method hackers use to gain access to sensitive information is to employ phishing scams.
Phishing involves sending fraudulent emails. These email campaigns may include messages that falsely claim to be from a trustworthy source, in order to entrap unsuspecting individuals into doing something such as clicking on an unsafe link, downloading an infected attachment or transferring funds.
Common Target: Businesses of all sizes and individuals
Denial of Service (DoS)
Denial of Service is a type of cyber attack in which the attacker prevents access to a computer or network resource. DOS can be executed by overloading the current systems, which can prevent some or all requests (however legitimate) from being fulfilled.
Common Target: Services that are hosted on high-profile web servers
If you need a hand creating a strong, hacker-proof password, we’ve included tips below:
- Avoid using personal information like your name, username, anniversary, or birthday. Any publicly available information is too risky to use as a password or in a password.
- Create a long password. Keep your password to a minimum of six characters.
- Don’t use the same password between accounts. If someone figures out your “master” password for one account, all of your other accounts can be at risk.
- Include a variety of characters. As Google often suggests, include a variety of characters like upper and lowercase letters as well as accepted symbols and numbers.
- Avoid using singular words. Something like Apple1 can be too easy for hackers to guess. Also, 1 is so commonly used in passwords, that you’re better off choosing another digit, or a set of digits. A better password in lieu of Apple1 might be @PpLe6!
- Use a phrase. Phrases are another way to go with your passwords, particularly non-sensical ones. They can also be easier to remember if you aren’t using a password manager. An example might be “Mybluedoghas5legs!” Note that this example also includes upper and lower case letters, a number and a symbol.
For other examples, check out this video by Safety in Canada on how to create a strong password.
BSC Solutions Group is Here to Help Protect Your Computers and Network from Cyber Crime
We know that you want and need to protect your organization and all aspects of it, including your employees and valued clients. This is why we offer a wide variety of solutions to keep you as secure and protected against cyber attacks as possible. One example is a centrally controlled password manager program which has the following features (and more) to easily enhance your security:
- Manage passwords with your own private, encrypted storage vault.
- Remember only one master username and password to access your entire vault.
- Populate usernames and passwords on websites or applications with just a click.
- Access your vault in the cloud from any device – desktop, laptop, tablet, smartphone.
- Easily generate random, high-strength passwords for all your websites and applications
- Get alerts when your passwords become outdated or weak.
- Receive alerts on any passwords found on the Dark Web.
- Allow users in a user group to access passwords through custom permissions.
When you need help with cyber security, backup and disaster recovery or anything else to do with your organization’s day-to-day networking needs, you can rely on our experts at BSC Solutions Group. With over 30 years of firsthand experience serving Brampton, ON and the greater Toronto area, we are your IT guardian angels. Book your free consult today to learn more about the difference we can make in securing your business.
