Cybersecurity research shows the most commonly used passwords across 25 countries in Europe, revealing the average time it takes for brute force attacks to gain access to personal accounts — and many of the passwords take under one second to crack.
According to UK-based Custard Technical Services, the average time it takes to hack the top 30 most used passwords by residents, which includes the usual culprits such as "123456," "qwerty," "password" and more, can take as little as 0.3 seconds in Austria. Thousands of users have these passwords, which makes it simple for hackers to deploy a brute force attack: a tactic that uses trial and error to crack passwords.
- Best password managers of 2022
- Replay attacks allow hackers to eavesdrop on you — how to prevent them
- Best laptops for programming in 2022
The report states that it takes around 14 hours to hack a password across 25 European countries on average, but some regions are more at risk than others. This includes Russia, where it takes an average of 8.96 seconds to crack, Latvia at 17.48 seconds, Spain at 26.52 seconds, and Switzerland at 36.26 seconds. To put this into perspective, the most used password, "123456," has been used as a password over 129,000 times in Switzerland alone.
To get the results, Custard used the top thirty most used passwords in each country from Nord Pass' research in 2021, and measured the time it would take to crack each password using an automated brute force password checker.
Many of the passwords used in these countries such as "123456," "qwerty" and "password" take as little as 0.2 seconds for hackers to swiftly gain access. The report also shows that other countries such as Greece, Germany, Denmark and Hungary are known to use these common passwords as well. In fact, 84% of the 25 European countries analysed had "123456" as the most commonly used password.
However, there are other credentials that leave a user's account compromised, too. This includes "iloveyou," which has been used over four million times, along with "1q2w3e4r" at over three million, "dragon" at over two million, "pokemon" at 980,000, and "liverpool" at 930,000. All of these take under one second to break, even if others are slight variations from common passwords.
As previously reported, the National Counterintelligence and Security Center (NCSC) revealed the top 20 most commonly hacked password categories that everyone should avoid. Many of these includes names for people and pets, food and animals, with many not having numbers or symbols.
It's a good idea to update your password with a random yet memorable assortment of letters, numbers and symbols, as it doesn't take much for a hacker to bypass simple passwords. Password managers are a great way to keep your credentials in order. They store all your unique passwords in a secure digital vault that can only be accessed by you, and they can generate strong, random passwords.