'Admin' and 'awesome' are top password choices and take mere seconds to crack

16 November 2023 - 10:56 By TimesLIVE
'Admin' is a very weak password commonly used by South Africans.
Image: 123RF/20er

Passwords used for streaming services are the weakest and those for financial services the strongest but most are easy to crack in super-quick time.

This exposes users to the risk of fraud on their accounts.

In 2023, “admin” was the most common password among South Africans as revealed by the fifth annual NordPass study.

“Instead of improving password creation habits, internet users have gone in another direction by sticking to already pre-configured passwords. For example, the most popular password in South Africa — admin — is most likely the standard pre-configured password people do not bother changing,” the report notes.

People also often go for passwords that reveal an emotion, with “awesome” trending in South Africa.

Other popular choices are “password” and “password 1”; “Sexy1234”; and “Mandela1964”.

The study identified the 200 most common passwords worldwide and provided a comparison among 35 countries.

Internet users often use numbers in their passwords. This year, the world’s most common password “123456” is ranked second in South Africa. Almost a third (31%) of the world's most beloved passwords this year consist of similar numerical sequences, such as “123456789,” “123321,” and “000000”.

Up to 70% of passwords in this year’s global list can be cracked in less than a second.

NordPass chief technology officer Tomas Smalakys said weak streaming passwords are associated with people jointly managing shared accounts and using easy-to-remember passwords for convenience.

He warned consumers that hackers are targeting passwords saved on browsers.

“Malware attacks are particularly dangerous because malware logs contain a vast amount of information about the victim. For example, malware can steal information saved in your browsers, such as passwords and other credentials, source website cookies, autofill data. In addition to that, it can also steal files from its victim's computer as well as system details such as OS version or IP address.

“The scariest part is victims might not realise their computer is infected. Bad actors tend to hide malware in well-crafted phishing emails, imitating a legitimate organisation, such as your bank or your company,” Smalakys said.

Throughout the five years of NordPass conducting this research, “123456” was the top password four times. According to Smalakys, this is a clear sign that a change in authentication is essential.

Passkeys are a new form of authentication. The essence of this technology is the user doesn’t need to come up with a password — everything is done automatically. When joining a website that supports passkeys, the user's device generates a pair of related keys — public and private. The private key is saved on the device itself and the public key is stored on the website’s server. Without each other, they are useless. If the user is successfully identified by their biometrics, the passkeys are matched and the user signs in.

“This technology will help eliminate lousy passwords, thus making users more secure.”
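
The passkey sign-in described above, as an added sketch that is not from NordPass or the article: a simplified challenge-response model built on Node's `crypto` module, not the real WebAuthn API. The function names, the in-memory `Map` standing in for the website's server, the `userVerified` flag standing in for the biometric check, and the example usernames and origins are all assumptions.

```javascript
// Added example: simplified passkey model; all names here are hypothetical.
const crypto = require("node:crypto");

// Registration: the device generates the key pair; only the public key
// is handed to the website (serverDb is an in-memory stand-in).
function registerPasskey(serverDb, username) {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  serverDb.set(username, { publicKey, pendingChallenge: null });
  return { privateKey }; // never leaves the device
}

// Sign-in step 1: the server issues a fresh random challenge.
function issueChallenge(serverDb, username) {
  const challenge = crypto.randomBytes(32);
  serverDb.get(username).pendingChallenge = challenge;
  return challenge;
}

// Step 2: the device signs the challenge together with the origin it is
// actually talking to, and only after the biometric check succeeded.
function deviceSign(device, origin, challenge, userVerified) {
  if (!userVerified) return null;
  const message = Buffer.concat([Buffer.from(origin), challenge]);
  return crypto.sign("sha256", message, device.privateKey);
}

// Step 3: the server checks the signature with the stored public key.
// The challenge is single-use, so a captured response cannot be replayed.
function verifySignIn(serverDb, username, expectedOrigin, signature) {
  const account = serverDb.get(username);
  if (!account || !account.pendingChallenge || !signature) return false;
  const message = Buffer.concat([Buffer.from(expectedOrigin), account.pendingChallenge]);
  account.pendingChallenge = null;
  return crypto.verify("sha256", message, account.publicKey, signature);
}

// Constructed walk-through: a genuine sign-in, a replay, a look-alike site.
function demo() {
  const db = new Map();
  const device = registerPasskey(db, "thandi");
  const site = "https://bank.example";
  const sig = deviceSign(device, site, issueChallenge(db, "thandi"), true);
  const genuine = verifySignIn(db, "thandi", site, sig);
  const replayed = verifySignIn(db, "thandi", site, sig);
  const phish = deviceSign(device, "https://bank-login.example", issueChallenge(db, "thandi"), true);
  return { genuine, replayed, phished: verifySignIn(db, "thandi", site, phish) };
}
```

Because the server stores only a public key and every response is tied to one challenge and one origin, there is no reusable secret for stealer malware or a phishing page to collect.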

Tips for secure credentials management:

  1. Create long and complex passwords. “123456 just doesn’t cut it anymore,” said Smalakys. Easy-to-guess passwords equal unlocked house doors, which is why he advises using 20-character random passwords containing uppercase and lowercase letters, symbols and numbers.
  2. Avoid storing your secrets on your browser and adopt a password manager. With stealer malware attacks targeting credentials on browsers, third-party password management software is considered a more secure choice for credential storage.
  3. Start adopting passkeys. An increasing number of websites are now offering the option to access accounts with passkeys instead of passwords. While passkeys won’t completely replace passwords just yet, they are definitely the future of authentication.
  4. Stay vigilant. To protect yourself from stealer malware, pay close attention to anything you download onto your computer. Malware is often distributed via phishing emails — so learn how to recognise them.

TimesLIVE

