- Predictable password habits continue to enable attackers who rely on large-scale automated hacking
- Length remains the deciding factor in the actual strength of a password
- Administrators strongly influence the strength of passwords through the rules they choose
Yet other research has found that when it comes to finding strong passwords, we’re all still pretty useless.
A Comparitech report examining more than two billion exposed passwords found that sequential number variations still dominate, with many of the most popular passwords being simple combinations created by swiping a finger across the first row of the keyboard.
Despite repeated warnings from security professionals, predictable passwords such as “123456”, “admin” or “password” remain among the most frequently used credentials.
Users mainly adapt common patterns
Even supposedly improved versions, such as Aa123456 or Aa@123456, appear frequently and remain very predictable, the report notes, suggesting that many users are simply adapting common patterns rather than adopting significant complexity or length.
Researchers say the fundamental problem is that many people choose short passwords that are easy to remember but also easy to compromise.
They often consist entirely of numbers, which are quickly defeated by modern cracking tools.
A significant portion of the leaked strings include the 123 sequence, while others rely on similar numerical progressions.
Length and combination are key, because longer passphrases are much more effective than short strings filled with arbitrary symbols.
Even small changes can make a difference, because adding unexpected characters to a long passphrase significantly increases the time it takes to guess it.
Security researchers note that longer constructions also reduce cognitive load for users who have difficulty memorizing complex mixes of numbers and symbols.
In business environments, administrators influence password strength more than users themselves.
When organizations enforce minimum rules, employees often adopt the lowest standard allowed, creating widespread weaknesses that automated attacks can exploit at scale.
When requirements emphasize length and consistency, password quality necessarily improves, even if individuals still rely on predictable structures.
Requiring more characters increases the computational effort needed for brute-force attacks, making large-scale compromises more difficult.
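A length-first policy check of the kind described above, written here as an added example (it is not code from the report or from TechRadar). The 14-character minimum, the short word list and the keyboard rows are assumptions chosen to match the patterns the article names.

```python
import math
import string

# Constructed policy data based on the patterns the article names; not a real blocklist.
COMMON_BASES = {"password", "admin"}
KEYBOARD_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
MIN_LENGTH = 14  # assumed policy value, not a figure from the report
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation]


def has_row_walk(pw, run=3):
    """True if pw contains `run` adjacent keys of one keyboard row, in either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            if any(seq[i:i + run] in low for i in range(len(seq) - run + 1)):
                return True
    return False


def brute_force_bits(pw):
    """Upper bound on exhaustive search: length * log2(pool of character classes used).
    Pattern-based guessing is far cheaper, which is why check() exists."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def check(pw):
    """Return the list of policy problems for a candidate password (empty = accepted)."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if pw.isdigit():
        problems.append("digits_only")
    if has_row_walk(pw):
        problems.append("keyboard_sequence")
    # Strip digits and symbols so decorated forms such as "Admin1!" still match.
    if "".join(c for c in pw.lower() if c.isalpha()) in COMMON_BASES:
        problems.append("common_word")
    return problems


if __name__ == "__main__":
    for sample in ["123456", "admin", "Aa@123456", "violet-kettle-drums-at-noon"]:
        print(f"{sample!r}: {check(sample) or 'ok'}, ~{brute_force_bits(sample):.0f} bits")
```

The bit figure is a ceiling for blind brute force only; a password that trips any of the pattern checks should be treated as weak regardless of that number.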
Supportive tools can help change these habits. A dedicated password manager can generate and store long combinations that users no longer need to memorize.
Password generators in browsers also offer some assistance, although reliability varies when software updates introduce unexpected behavior.
For businesses managing a wide range of accounts, a professional password manager allows policies to be applied in a more structured way.
Such tools help administrators enforce policies that reflect current security recommendations rather than outdated conventions.
Overall, the latest findings suggest that the main challenge is behavioral rather than technological: unfortunately, users continue to choose ease over security, and attackers continue to capitalize on these choices with increasingly effective hacking methods.