Your go-to password might be easier to guess than you think.
That's according to a new report from mobile security firm Lookout, which recently published a list of the 20 passwords most commonly found in leaked account information on the dark web. The list ranges from simple number and letter sequences like "123456" and "Qwerty" to easily typed phrases like "Iloveyou."
Choosing easy-to-remember passwords is understandable: The average person has more than 100 different online accounts requiring passwords, according to online password manager NordPass. But simple passwords can be extremely easy for hackers to figure out, allowing them stress-free access to your personal data and accounts.
It's a timely concern. Cybersecurity experts say the current Russian-Ukrainian conflict could result in an uptick in cyberattacks around the world, with U.S. banks expressing concern this week that they could be targeted. That's on top of a record number of data breaches in the U.S. last year – 1,862, up 68% from 2020 – according to a January report from the nonprofit Identity Theft Resource Center.
Lookout, which makes cloud security apps for mobile devices, noted in a December blog post that, on average, 80% of consumers have had their emails leaked onto the dark web. You could easily be among that majority without even knowing it.
Those leaked emails often lead hackers directly to your passwords for other online accounts and identity theft, Lookout said. Here's the company's list of the 20 passwords most commonly found on the dark web, due to data breaches:
If you use any of the above passwords for any of your online accounts, you'd be wise to swap them out for something more secure. Cybersecurity experts often recommend picking something longer than the minimum number of recommended characters, and using uncommon characters – like punctuation marks or other symbols – in place of letters and numbers, to make your password harder to guess.
Lookout also noted that the majority of people reuse passwords for multiple accounts, which is a practice you should avoid whenever possible. If hackers can get into one of your accounts, you can at least make it harder for them to get into the rest of them.
You should also figure out which pieces of information about you and your family are publicly available, and avoid using passwords that include that information – including birthdays, anniversaries, names of loved ones and even your hometown.
The U.S. Commerce Department's National Institute of Standards and Technology also recommends screening your passwords against online lists of compromised passwords and using multifactor authentication, among other security tactics.