You probably think your clever little “P455W()rD” password is the highest degree of online security in the land, but a new study by the bright minds at Germany’s Hasso-Plattner Institute says otherwise. In fact, your passwords are pretty much useless, because you keep reusing them. What is the matter with you?
After studying 1 billion user accounts — yes, that’s billion with a “b” — from over 30 different leaks and breaches, researchers discovered that 27% of user passwords were nearly identical to those used by the same email address for a different account or service. In fact, 20% were exactly the same from one account to the next.
The obvious issue here is that by reusing an account password, anyone with that information can simply use your email address and bad password habit to take a peek inside all of your other accounts, too. Hackers who target smaller services, like a local company, might get your password and then use it elsewhere, like your PayPal account.
Beyond duplicate passwords, the study found that the passwords themselves are just utter crap right from the start. According to the data, here are the five most common user passwords across all services:
- 123456
- 123456789
- 111111
- qwerty
- 12345678
Are you serious right now? If there were a GIF that depicted a disheveled dog pooping on an account login screen, I’d use it right now.
In short, if you’re using strings of numbers or even whole words as your password — and especially if you’re duplicating or nearly duplicating them between services — you need to spend a Saturday completely revamping your account security, or you’re just making yourself an easier target.