VPN and password manager company NordVPN has provided its own list of the worst passwords of 2020.
The worst ones include the usual suspects, with "123456" topping the list. Also making the list this year is a non-English password: "senha," which is Portuguese for "password." As the website Tom's Guide notes, this might be a sign of previous years' lists not inclusive of non-English speakers. However, it also shows that poor password management is a concern across all languages.
Also making the list, for unclear reasons, is "aaron431." Some internet meme? A celebrity I've never heard of? A sports reference?
Oddly, in spite of everything going on in 2020, the list of passwords doesn't include any pandemic-related ones, such as "covid" or "coronavirus." Perhaps next year's list will reflect such?
The 25 worst passwords of 2020
Here's the worst passwords of 2020.
My usual password advice
As I said last year, here's my password advice:
- Use a password manager, such as KeePass, 1Password, and LastPass. Password managers can create and store strong unique passwords for each site.
- Avoid using popular or famous phrases, religious quotes, catchphrases, etc. as passwords or passphrases. While "PracticeSocialDistancing," "BlackLivesMatter," and "WearAMask" are important ideas, the phrases themselves make for lousy passwords.
- Don’t use Facebook (or another social network) as a login for sites. Just create a new password for the site in question.
- Don’t reuse passwords on more than one account. The use of the same password on multiple sites can make security breaches even more dangerous for users.
- Use two factor authentication if possible. Two factor (or two step) authentication helps beef up security on sites, by requiring an additional step (and separate piece of information) to log in. Google Authenticator and Authy are two popular authentication apps.