Keyboard diagonals are the new weak password hit


Passwords with patterns in them are the first to get cracked. As tempting as they might be, you should avoid passwords that create a visual pattern on your keyboard. — Photo: Christin Klose/dpa

BERLIN: “123456” has once again won the dubious honour of being the most widely used insecure password, according to a ranking compiled by cybersecurity experts in Germany.

But among the ranking of bad passwords in Germany, compiled every year by the country's Hasso Plattner Institute (HPI) of digital engineering, there was a surprise in third place and a newcomer to the dubious password top ten.

“1Qaz2wsx3edc”.

No words, a combination of uppercase and lowercase, both numbers and letters - at first glance it appears to be a solid password.

But the seemingly complicated "1Qaz2wsx3edc" hides a simple and therefore dangerous pattern: it’s created by using keyboard diagonals from top to bottom. Basically, you start with a number, and then go down diagonally.

Given that this password was leaked online, we can assume it's one of the first that cybercriminals will try when trying to hack into an account.

HPI based its ranking on a database analysis of nearly one million passwords leaked in 2022. Many people continue to trust the simplest words ("password") or simple keyboard patterns such as "qwerty".

HPI offers an Identity Leak Checker based on a database with hundreds of millions of online identities where you can check whether your password has been stolen.

A similar site is called Have I been pwned? Both sites are free and can help you discover whether your access data has been hacked and is circulating online.

Simple passwords are like invitations to attackers to take over your online accounts. Anything that’s in the dictionary is a no-go, as is anything that is short, follows a keyboard pattern, or is a known string or combination.
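For anyone who maintains a sign-up or password-change form, here is a sketch of how a keyboard pattern such as "1Qaz2wsx3edc" can be rejected when a password is set. It is an added example, not part of the HPI ranking or its tools; it assumes a US QWERTY layout, and the function names, the minimum run length of 3 and the 75% threshold are illustrative choices.

```python
# US QWERTY rows; the index within a row is the column (layout is an assumption).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
# Shifted digit-row symbols map back to the key that produces them.
SHIFTED = dict(zip("!@#$%^&*()", "1234567890"))


def _key(ch):
    """Return the (row, col) of the key that types ch, or None if unmapped."""
    return POS.get(SHIFTED.get(ch, ch).lower())


def _adjacent(a, b):
    """True when two characters sit on neighbouring keys (row, column or diagonal)."""
    pa, pb = _key(a), _key(b)
    if pa is None or pb is None:
        return False
    return max(abs(pa[0] - pb[0]), abs(pa[1] - pb[1])) == 1


def keyboard_runs(password, min_len=3):
    """Return the maximal runs of neighbouring keys that are min_len or longer."""
    runs, start = [], 0
    for i in range(1, len(password) + 1):
        # A run ends at the end of the string or at a jump across the keyboard.
        if i == len(password) or not _adjacent(password[i - 1], password[i]):
            if i - start >= min_len:
                runs.append(password[start:i])
            start = i
    return runs


def walk_coverage(password, min_len=3):
    """Fraction of the password's characters that belong to a keyboard run."""
    if not password:
        return 0.0
    return sum(len(r) for r in keyboard_runs(password, min_len)) / len(password)


def is_keyboard_pattern(password, threshold=0.75):
    """Flag passwords that consist mostly of keyboard walks (threshold is illustrative)."""
    return walk_coverage(password) >= threshold


if __name__ == "__main__":
    # Constructed sample inputs: three from the article, one random-looking string.
    for pw in ["1Qaz2wsx3edc", "qwerty", "123456", "T7#kPq9!vLm2ZxR"]:
        print(pw, keyboard_runs(pw), is_keyboard_pattern(pw))
```

A check like this only catches keyboard walks. Dictionary words such as "password" pass it, so it belongs next to a check against lists of leaked passwords, not in place of one.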

HPI recommends choosing passwords that are long (at least 15 characters), complex and unique — you shouldn’t use the same or similar passwords for different services.

It’s important to use all character classes in a password (upper and lower case letters, numbers and special characters) and to avoid using names or real words. After a security incident, the password in question should always be changed immediately.

Password managers make it easier to follow these rules and to keep track of all of your passwords. While there are paid options, one free and open-source service is KeePass. It’s also advisable to activate two-factor authentication wherever it’s available. – dpa
