Date: 2021-11-28

Here we go again. This year too, the vast majority of readers have not changed their passwords for the hundreds of online services we access from a PC or smartphone. Or, if they did change them, they did it in a useless way that leaves the risk exactly where it was. That is what the list of the 200 most common passwords of 2021 shows. It was compiled by NordPass, a platform that, naturally, offers a password management service.

In first place on the embarrassing list, compiled together with independent cybersecurity researchers, there is as always the inevitable “123456”, followed by its relatives: in second place “123456789” (are we kidding ourselves?) and in third “12345”. The top twenty is a true gallery of horrors, a legacy we thought we had happily left behind and that we still carry with us instead. It includes the inevitable “qwerty”, the tautological “password”, a further numerical variant such as “12345678” and the legendary “111111”. It then continues with a series of not very useful variations (such as “123123”) and closes with “password123”.

It must be said, to be fair, that this crap is no longer accepted by the vast majority of online services. Before letting us go ahead with opening a new account or profile, more and more platforms require at least capital letters and special characters, or reject widespread passwords, passwords used previously, and passwords that include pieces of personal information. That may be so, but know that last June the maxi-leak known as RockYou2021 dumped something like 8.4 billion passwords online, the largest collection of passwords of all time (in a 100 GB text file), published on one of the most popular hacking forums. And in any case, in the 4 TB analyzed by the experts for this report, “123456” turned up a good 100 million times.

How do you choose a sufficiently secure password? One of the best ways to protect an account or a profile is always to enable two-factor authentication where it is available, for example with an app or a code sent via SMS (Google has recently introduced it by default for 150 million YouTubers; others can set it up as they like). That said, you should follow these directions.

First of all, do not use personal information (names of pets or family members, addresses or numbers, years of birth: forget them). You should also avoid real, widespread words, or at least replace some letters with special characters, for example the “s” with the dollar symbol: small tricks of this kind make life a little more difficult for the software that works through the alphanumeric combinations. Not much, but it’s a bit like putting an extra lock on your front door. Then set long passwords: the longer the better, at least ten to twelve characters, perhaps by reworking a phrase that is easy for you to remember (the verse of a song?) in a complicated way. Do not write passwords down in notes or other apps; use a password manager and choose safe browsers. Again: change passwords regularly, especially in business contexts, do not “recycle” them from one service to another, beware of public Wi-Fi networks, and test your passwords, both by checking compromised databases and by using platforms like this one, which give you a verdict on a password's strength by indicating how long it would take a computer to crack it. Do you know how long it takes for “123456”? Zero seconds.
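The checks described above, as an added example that is not from the article or from NordPass: it tests a candidate against the passwords the article quotes, undoes swaps such as "$" for "s", applies the twelve-character minimum, and estimates cracking time. The swap table, the suffix rule and the guessing rate are assumptions made for illustration.

```python
import string

# Passwords the article quotes from NordPass's 2021 list (not the full top 200).
COMMON = {"123456", "123456789", "12345", "qwerty", "password",
          "12345678", "111111", "123123", "password123"}
# Character swaps like the article's "s" -> "$"; this particular set is an assumption.
SWAPS = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l", "3": "e", "!": "i"})
GUESSES_PER_SECOND = 1e10   # assumed offline guessing rate, for illustration only
MIN_LENGTH = 12             # upper end of the article's "ten to twelve characters"

def undo_swaps(pw: str) -> str:
    """Lower-case the password and map swapped symbols back to letters."""
    return pw.lower().translate(SWAPS)

# The list is passed through the same mapping so both sides compare like for like.
COMMON_UNSWAPPED = {undo_swaps(p) for p in COMMON}

def is_common_variant(pw: str) -> bool:
    """True if pw matches a listed password once case, swaps or a digit/symbol suffix are undone."""
    stem = pw.lower().rstrip(string.digits + string.punctuation)
    return undo_swaps(pw) in COMMON_UNSWAPPED or undo_swaps(stem) in COMMON_UNSWAPPED

def brute_force_seconds(pw: str) -> float:
    """Worst-case time to try every string of this length over the character classes used."""
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10),
               (lambda c: not c.isalnum(), len(string.punctuation))]
    alphabet = sum(size for test, size in classes if any(test(c) for c in pw))
    return alphabet ** len(pw) / GUESSES_PER_SECOND

def check(pw: str) -> dict:
    """Return the problems found and an estimated cracking time in seconds."""
    guessable = is_common_variant(pw)
    problems = []
    if pw in COMMON:
        problems.append("on the most-common list")
    elif guessable:
        problems.append("trivial variant of a listed password")
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    # A listed password or variant falls to a dictionary attack at once: "zero seconds".
    seconds = 0.0 if guessable else brute_force_seconds(pw)
    return {"problems": problems, "crack_seconds": seconds}

if __name__ == "__main__":
    for sample in ("123456", "P@$$w0rd123", "Qwerty2021!", "correct-horse-battery"):
        print(sample, check(sample))
```

The brute-force figure is an upper bound on exhaustive search only; a password built from dictionary words can fall much faster than it suggests.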

