These passwords take 1 second to crack

Here’s a wild stat: 78% of the world’s most common passwords can be cracked in less than a second. The most-used password in the world, “123456,” has been leaked more than 3 million times. And get this: 1.2 million of those were corporate passwords.

This is based on fresh research from my password manager pick. For six years, NordPass has studied how we handle passwords. Let’s dive into the numbers. Spoiler: It’s not pretty.

The most common leaked passwords

NordPass analyzed more than 9 million stolen passwords. The most common:

  1. 123456 (found 3,018,050 times)
  2. 123456789 (found 1,625,135 times)
  3. 12345678 (found 884,740 times)
  4. password (found 692,151 times)
  5. qwerty123 (found 642,638 times)
  6. qwerty1 (found 583,630 times)
  7. 111111 (found 459,730 times)
  8. 12345 (found 395,573 times)
  9. secret (found 363,491 times)
  10. 123123 (found 351,576 times)

All of these take less than 1 second to crack. One trick is a brute-force attack, where hackers try every password combo until they hit the jackpot. 

They also use leaked password databases from previous breaches.

Because many people reuse their passwords, your leaked Netflix login could allow them to access your cable company account, too.

Making a big mistake worse

Of course, all these were stolen or hacked, so you’d expect them to be weak. But the list also includes some you might be using even if you’re more tech-savvy.

Think sequential numbers or letters on a keyboard (e.g., “567890” or “asdfgh”), repeated characters (e.g., “99999”), or easy-to-guess words like “princess” or “baseball.” You’re not the only one using pet names, hobbies or your favorite teams for inspiration.

Here’s the scariest part: 40% of the most common passwords in the personal and work lists are identical. That means if hackers get into one of your personal accounts, they can waltz right into your work systems, too.

Continue reading

My top password manager pick has an A+ security feature built in

But there’s a smarter way to protect your online accounts — using a trusted password manager like NordPass.

Remembering complex, unique passwords for every single account is practically impossible. If you’re like most people, you probably end up reusing passwords or writing them down somewhere, which isn’t your best bet if you value security. 

Continue reading

No more “password1”: Move random characters at the beginning or end of your password into the password itself. Ideas: Replace the letter “O” with a zero, like this: k0mand0_scholar. Or sub in a character for a letter it resembles (e.g., f@nt@syFormer).

🔑 Open sesame: An update to Google’s Password Manager lets you sync passkeys across Windows, macOS, Linux and Android. Previously, passkeys only worked on Android, and using them on other devices required scanning a QR code. Use a Chromebook or iPhone? Sit tight, you’re next to get the update.

How to deal with a cyberstalker

Let me tell you, more and more victims of cyberstalking are reaching out to me for advice using my Ask Kim page. Here’s one note I received recently from P.W. in Oklahoma:

“I’ve been cyberstalked for three years. I recently discovered it was my roommate. I moved out and he launched another attack. He’s on my and my fiance’s phones, Wi-Fi, Bluetooth — everything. He has stolen financial data, pictures, erased accounts, taken over emails and harassed me through VOIP. … He admitted to sitting outside our house all night. I thought he was spying on me. Now I know he was also gaining access to my Wi-Fi. I can’t do this anymore and need expert advice/help terribly.”

Continue reading

Goodbye passwords! Google just made a huge security change - Will it stick?

Passwords might be one of the biggest tech frustrations. Make them too hard, and they’re impossible to remember. Too easy, and your accounts are practically wide open.

Maybe you use a password manager or your browser’s built-in option to remember your logins. Here’s how to find saved passwords in your browser. 

Continue reading

🥩 The password “beefstew” is not stroganoff: Hackers are still going after password manager LastPass. If someone calls and offers help changing your LastPass login, hang up because it’s fake. You really need a better password manager.

Roughly 20% of people reuse passwords across multiple sites, and many don’t know the difference between a good password and bad password. You’re smarter than that — you read this newsletter! Remember, using three random words in a password is more secure than selecting random letters and numbers.

Saw this one coming: Cybercriminals are posing as employees of the password manager app LastPass to hack your passwords. It starts with an email from “support@lastpass” about “unauthorized access.” The fake site they send you to grabs your real master password. With all the security incidents at LastPass within the last couple of years, I’m not surprised.

Watch for a new “reset password” attack: Bad guys bombard you with messages to reset your Apple ID and then call you, pretending to be Apple Support. Don’t reset your password, and don’t give out your password over the phone.

The last straw: Password manager LastPass has all kinds of drama around keeping its customers’ logins safe. The latest: A fake app pretending to be the real deal was pulled from the Apple App Store. If you recently downloaded LastPass onto your iPhone, iPad or Mac, it’s time for a complete password purge. I recommend Total Password (it’s just $19).

Divorcing your spouse: How to safely remove them from shared accounts

When you host a show on over 400 radio stations in the U.S. about all things tech, this question comes up quite a bit: “How can I tell if my partner is cheating?”  

My best advice is to have an honest conversation with your partner, with the support of a couple’s therapist. Still, cheating does leave a ton of tech breadcrumbs. You have to know where to look.

Continue reading

Meduza: Scary name, scarier malware

Use Chrome, Edge, Brave, Sidekick, Opera or Firefox to browse the web? What about Discord, Steam, a password manager or a crypto wallet? 

You’re a prime target for the Meduza Stealer — a type of malware that poses a serious personal and digital security risk. Its primary purpose is to steal valuable data from your computer. We’re talking login credentials, credit card details and cryptocurrency wallet data.

Continue reading

Are your online accounts safe? 2023's most hacked passwords

Passwords keep your online accounts safe from hackers, but not if they’re easy to guess. Today’s cybercriminals study the latest trends and know what it takes to crack your code. 

Curious as to how your passwords measure up? Read on to see if yours made the naughty list and learn how to protect yourself from hackers.

Continue reading

FemTech is exploding, but is your private data safe?

This privacy alert is for our female readers, but guys, you can read it too! 

“FemTech” is the broad term for apps and programs catering to women’s health. Consumer Reports recently raised concerns about the privacy practices of women’s health apps, specifically period trackers. 

Continue reading

3 common mistakes when installing security cameras

Security cameras give us peace of mind that our homes and valuables are safe when we’re away. A doorbell camera can be a significant deterrent for sneaky thieves.

They aren’t failsafe, though. Crooks can jam Wi-Fi-connected video doorbells and rob you before you realize what happened. It’s rare but possible. Tap or click for smart ways to stop them in their tracks.

Continue reading

3 tricks to see if your passwords are being sold on the Dark Web

Hackers can make a ton of money by selling your private information on underground forums. It’s possible that your passwords are being sold on the Dark Web right now. That’s why you should run a cybersecurity check now and then.

Continue reading

5 signs your security camera was hacked and steps to prevent it

When setting up a home security system, you must password-protect your Wi-Fi and set up two-factor authentication (2FA). Hackers could take over your home network if you don’t take these precautions.

Safeguards like these can help stop a digital home invasion. Hackers are increasingly breaking into home security cameras, taunting and extorting people. A security oversight on your part could open the floodgates for a criminal to launch a reign of terror on you and your family.

Continue reading

Tab overload? How to control what happens when you start your browser

Today’s tech is all about choice. There’s the classic debate: iPhone versus Android. It’s about a lot more than blue and green message bubbles. Here are things you can do on Android phones but still can’t do on iPhones.

Continue reading

Scammers' latest trick: Getting you to open a OneNote document

Cybercriminals have been spreading malware through phishing emails for quite a while. But a new twist is making the rounds catching victims off guard. Instead of using malicious Word docs to spread malware, they have turned their attention to OneNote documents.

Continue reading