Between the 1 billion hacked Yahoo accounts and all the other cyberattacks that occurred last year, 2016 could easily be declared the year of the data breach. Although the companies we trust with our information need to do a better job protecting the data they hold, a new report suggests that we're also not doing our part to protect ourselves.
Keeper, a Chicago firm that makes password management and digital vault software, found that as a whole we're making it far too easy for criminals to get at our information.
The firm looked at 10 million passwords that became public due to the various data breaches last year, and the results were concerning.
Although security experts (ourselves included) have been warning about the risks of weak passwords for years, the most common passwords of 2016 remained the most obvious ones, which no one should be using. Topping the list was "123456," and the study revealed that 17 percent of people are still using it!
Another troubling observation is that four of the 10 most common passwords are six characters or shorter, which makes them that much easier for attackers to crack: a password that short, built from the most common characters, falls to a brute-force or wordlist attack almost instantly.
So, what were the biggest culprits? Here's a list of 2016's top 10 weakest passwords:
We've said it before and we'll say it again: a strong, unique password helps protect your online accounts, and it's one of the easiest steps you can take to protect your information. Obviously, if you see a password you use on this list (or anything similar), create a new one.
Tips for creating a new password
- Use long, unique passphrases. The longer the better, and make it something that's meaningful to you so that it's easier to remember, but not something a stranger could work out from your social media (a pet's name, a birthday, a favorite team).
- Spelling mistakes and letter-for-symbol swaps (like "p@ssw0rd") add a little, but don't rely on them: standard password-cracking rule sets try exactly those substitutions automatically, so a short, common word with a few symbols swapped in is still weak. Length and unpredictability matter far more than clever spelling.
- Use a password generator. Most let you set requirements to increase strength, such as how many characters to use and which symbols are acceptable, and a randomly generated password is by definition not on any list of common passwords.
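The following script is an added example, not code from the original article or from Keeper. It does what the three tips above describe: generates a random password from a configurable alphabet, generates a random passphrase, and checks candidates against a small list of weak passwords, treating symbol substitutions and appended digits as the trivial variations they are. Both the common-password list and the word list are constructed samples, not Keeper's data; the word list is deliberately tiny, and the `passphrase_bits` helper shows why a real passphrase generator needs a list of thousands of words.

```python
"""Added example: generate and check passwords along the lines of the tips above.
COMMON_PASSWORDS and WORDLIST are constructed samples, not data from the report."""
import math
import secrets
import string

# Constructed stand-in for a list of breached/common passwords.
COMMON_PASSWORDS = {
    "123456", "password", "qwerty", "111111", "abc123", "1234567",
    "letmein", "welcome", "football", "monkey",
}

# Constructed toy word list. A real generator uses thousands of words (see passphrase_bits).
WORDLIST = ["anchor", "copper", "drift", "ember", "falcon", "granite",
            "harbor", "island", "juniper", "kettle", "lantern", "meadow"]

SYMBOLS = "!@#$%^&*"

# Letter-for-symbol swaps that cracking rule sets already undo/apply automatically.
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})


def generate_password(length=16, symbols=SYMBOLS):
    """Random password over letters, digits and the allowed symbols, using a CSPRNG."""
    alphabet = string.ascii_letters + string.digits + symbols
    return "".join(secrets.choice(alphabet) for _ in range(length))


def password_bits(length=16, symbols=SYMBOLS):
    """Entropy in bits of a uniformly random password of that length over that alphabet."""
    alphabet_size = len(string.ascii_letters + string.digits) + len(symbols)
    return length * math.log2(alphabet_size)


def generate_passphrase(words=5, wordlist=WORDLIST, sep="-"):
    """Random passphrase: strength comes from word count and word-list size, not spelling."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))


def passphrase_bits(words=5, wordlist_size=len(WORDLIST)):
    """Entropy in bits of a passphrase of `words` words drawn from a list of `wordlist_size`."""
    return words * math.log2(wordlist_size)


def _variants(password):
    """Forms a cracking rule set would derive: lower-case, trailing digits/punctuation
    stripped, and symbol substitutions reversed."""
    p = password.lower()
    stripped = p.rstrip(string.digits + string.punctuation)
    return {p, stripped, p.translate(LEET_MAP), stripped.translate(LEET_MAP)}


def check_password(password, min_length=12):
    """Return a list of weaknesses found; an empty list means none of these checks fired."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    elif _variants(password) & COMMON_PASSWORDS:
        problems.append("is a trivial variation (symbol substitution or appended "
                        "digits) of a common password")
    return problems


if __name__ == "__main__":
    for candidate in ["123456", "P@ssw0rd", "Password123!",
                      generate_password(), generate_passphrase()]:
        print(f"{candidate!r}: {check_password(candidate) or 'no known weakness'}")
    print(f"16-char random password: {password_bits(16):.1f} bits")
    print(f"5 words from this {len(WORDLIST)}-word list: {passphrase_bits():.1f} bits")
    print(f"5 words from a 7776-word diceware-style list: {passphrase_bits(5, 7776):.1f} bits")
```

Note what the checker catches: "P@ssw0rd" and "Password123!" both collapse to "password" once the substitutions are reversed and the trailing digits stripped, so they fail despite the mixed symbols. The entropy numbers make the other point: a 16-character random password from this alphabet is roughly 98 bits, five words from a 7776-word list roughly 65 bits, but five words from a 12-word list under 18 bits, so the size of the word list is what makes a passphrase strong.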
You don't want to use the same password for all your different accounts, but trying to remember all of them can be difficult. If you're afraid that you'll forget your new unique passwords, consider using a program like KeePass. We use it here at the Komando offices. It stores and organizes all your passwords offline, in an encrypted database on your own computer that is unlocked with a single master password, so the one password you do have to remember should be a long one.
What to do if you've been hacked
First of all, you need to figure out whether or not your details have leaked; most people don't know until it's too late. You can type your email address or username into the site Have I Been Pwned and it will immediately tell you whether that address appears in any of the breach dumps it has indexed. Keep in mind that a clean result only means you're not in a breach the site knows about, not that you're safe. (Don't worry about this site being a phishing scam; we've vetted it ourselves.)
From there, you need to reset the hacked account's password, and change it on any other account where you reused the same one, since attackers try leaked credentials against other sites. Answer your security questions or have a temporary password sent to a different, secure email address. For social media accounts like Facebook, Twitter and Instagram, follow the instructions on their account recovery pages.