Have you ever used “123456” as a password? If so, you’re among the thousands of people worldwide who have used it, as revealed by a NordPass study, where this password stood out as the most commonly used in 2023.
Using “123456” as a password poses multiple security problems. Its simplicity makes it easy for attackers to guess, and its lack of complexity makes it vulnerable to brute-force attacks, where all possible combinations of characters are tried. The absence of special characters and the lack of uppercase and lowercase letters further exacerbate its weakness. This significantly increases the risk of compromising the privacy and security of the online account, exposing personal and financial data to potential theft or misuse by third parties.
Other passwords that stood out in 2023 for their continued use and risk included “admin,” “12345678,” “password,” and “111111.” There was also an increase in the use of passwords related to games and geographical locations.
Passkey technology emerges as an alternative to improve security in authentication, eliminating the need for traditional passwords. This technology generates a pair of linked keys: a public key and a private key. When a user attempts to access a passkey-compatible service, their device automatically generates these keys. The private key is stored on the user’s device, while the public key is stored on the service’s server. During authentication, if the user’s biometric data matches that associated with the private key, the identity is verified, and access is granted. This eliminates the need to remember and type passwords, improving both security and user convenience. However, this technology is still in the process of adoption and has not completely replaced the use of traditional passwords.
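The key-pair flow described above, as an added example that is not part of the original article and is not the real WebAuthn API: the device signs a random challenge with its private key, and the service verifies the signature with the stored public key. The `Device`, `Service` and `demo` names, the user `alice`, the choice of Ed25519 and the `userVerified` flag standing in for the local biometric check are all assumptions of this sketch.

```javascript
// Added illustration: simplified passkey-style challenge-response (not WebAuthn itself).
const crypto = require('node:crypto');

// Device side: holds the private key, which never leaves the device.
class Device {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.privateKey = privateKey;
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  }
  // userVerified stands in for the local biometric/PIN check that unlocks the key.
  sign(challenge, userVerified) {
    if (!userVerified) throw new Error('user verification failed');
    return crypto.sign(null, challenge, this.privateKey); // Ed25519: algorithm is null
  }
}

// Service side: stores only public keys and issues single-use random challenges.
class Service {
  constructor() { this.publicKeys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  newChallenge(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  verify(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user); // single use: a captured signature cannot be replayed
    if (!challenge || !pem) return false;
    return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
  }
}

// Constructed scenario: one valid login, two replays, one signature from another key.
function demo() {
  const device = new Device(), service = new Service();
  service.register('alice', device.publicKeyPem);
  const sig = device.sign(service.newChallenge('alice'), true);
  const firstLogin = service.verify('alice', sig);
  const replayNoChallenge = service.verify('alice', sig); // challenge already consumed
  service.newChallenge('alice');
  const replayOldSig = service.verify('alice', sig);      // signed a different challenge
  const other = new Device();
  const wrongKey = service.verify('alice', other.sign(service.newChallenge('alice'), true));
  return { firstLogin, replayNoChallenge, replayOldSig, wrongKey };
}
```

The service never holds a secret that can be guessed or reused elsewhere, which is the property that a password such as “123456” lacks.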
As for password security trends, the following stand out:
- Multifactor authentication (MFA/2FA): Adds an additional layer of security by requiring multiple forms of authentication, such as a password, a code generated by an app, and biometrics.
- Phrase-based passwords: Long and memorable phrases that are difficult to guess, such as “CoffeeWithMilkIsMyFavoriteDrink.”
- Use of password managers: They generate and store complex passwords, eliminating the need to remember multiple passwords. Additionally, they offer security audit features.
- One-time passwords (OTP): Valid for a short period and dynamically generated, used in combination with multifactor authentication.
- Advanced biometrics: In addition to fingerprints and facial recognition, authentication based on user behavior is gaining popularity.
- Continuous password review: Implementation of policies requiring periodic updates to mitigate long-term risks.
- User education and awareness: Importance of adopting secure practices, such as not sharing passwords and being alert to phishing attempts.