The Weekly Breach Breakdown Podcast by ITRC - Hack Attack - S5E34

Show Transcript

Welcome back to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown, supported by Sentilink. I’m James E. Lee, the ITRC’s COO and this is the episode for Friday, November 1, 2024. Each week on this podcast, we look at the most recent events and trends related to data security and privacy. Today, we’re going to talk about the most common passwords in 2024 and how long it takes to break them.

On World Password Day 2024, Bitwarden published a survey that showed 25 percent of people around the world reuse the same passwords across as many as 20 accounts. Thirty-six (36) percent said they use personal information in their passwords that can easily be found on social media. Those are not the kind of cyber-hygiene habits we’d like to see people adopt.

Neither are the most common passwords. The most popular password, according to VPN and password manager company Nord, is 123456. It is followed by admin, 12345678 and 123456789. If you thought “password” was the most popular password, your pick made it on The Top Ten list at #7. That’s password with a small “p.” Password with a capital “P” comes in at #14.

How easy is it to break a password? Cybersecurity firm Hive Systems has just published its annual breakdown of how long it and identity criminal to crack a password. Thanks to AI, it’s blinding fast for short passwords. Using 123456 as your password, you can be compromised instantly. Using admin? By the time I finish this sentence, a cybercriminal would be in your account.

If you must use a password, make it long and a combination of letters, numbers and symbols – the longer the better – and something you can remember, like a quote or movie title. A 12-character password with just lowercase letters will take 1,000 years to crack. One with upper-and lower-case letters will take four million years.

The ITRC just released its annual Consumer & Business Impact Report that focuses on what happens when a person or small business is attacked by identity or cyber thieves. There’s some good news in this year’s report when it comes to password habits. After someone has their identity compromised, most victims now change their passwords to ensure they use long passwords and do not use the same password on multiple accounts. Better yet, this year’s report shows 30 percent of consumers created a passkey to replace their passwords when given the option. More of that, please!

If you want to know more about how to protect your business or personal information or have questions about the most common passwords and strong passwords, you can speak with an expert ITRC advisor on the phone, via text message, chat live on the web, or exchange emails during our normal business hours (6 a.m.-5 p.m. PT). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Next week, be sure to check out our sister podcast, the Fraudian Slip. We will discuss the finding in our 2024 Consumer & Business Impact Report. Also, just a helpful reminder: don’t forget to turn your clocks back this weekend to regain that extra hour of sleep you lost to Daylight Savings Time. 

We’ll return next week with another episode of the Weekly Breach Breakdown.