10 passwords that hackers can crack in less than 5 minutes

Analysis of most used passwords in Spain

Using secure passwords is basic to protect our personal digital information. However, many people still use weak and easy-to-guess combinations, providing easier unauthorized access to their accounts. According to the NordPass’s annual report, some of the most used passwords in Spain in 2024 are as simple as “123456” or as “password,” or even include terms like “España” or “Barcelona,” which can be cracked by cybercriminals in less than 5 minutes. Although these passwords are easy to remember, their simplicity make them an easy target for attackers. Hackers use advanced algorithms that test thousands of combinations in seconds, and the most popular passwords, like the ones just mentioned, are usually checked first.

The challenge of managing passwords

Each person handles a large number of passwords to access different services: social networks, emails and bank accounts, among others. In fact, it is estimated that each person has more than 70 logins. Having so many keys can lead a person to fall into the temptation of choosing simple passwords or repeating the same key across multiple accounts, which increases the risk of being hacked. If an attacker manages to obtain one of our passwords and uses it on multiple accounts, the access to all of them will be compromised. Additionally, many people choose easy-to-guess passwords, such as names of family members or pets, birth dates, or number sequences, which makes the task easier for cybercriminals. This lack of security makes the job simple for cybercriminals.

Why passwords are not enough?

Passwords, no matter how complex they are, are no longer enough to guarantee the security of our accounts. To improve our protection, it is essential to adopt more robust passwords that make hacking attempts more difficult. These are the essential steps to generate secure passwords, that include the recommended length and the best combinations of characters:

• Length: A secure password should have at least 12 characters. The longer it is, the harder it is for an attacker to crack.
• Variety of characters: Including a combination of uppercase letters, lowercase letters, numbers, and special symbols (like #, $, %, etc.) substantially increases the security of the password.
• Avoid the obvious: It is essential not to use easily guessable data, such as names, birth dates, or common words that could appear in a dictionary. Cybercriminals usually test these combinations as the first step in their hacking attempts.
• Use unique passwords: Each account should have a different password. Avoiding the reuse of keys on different platforms is crucial, as if one account is compromised, the others could also be at risk.

How to manage a large volume of passwords?

Considering the high number of passwords that need to be managed, it is complex to keep control of all of them. The solution consists on using password managers and implementing a two-factor authentication (2FA). A password manager is a tool designed to store and organize all access keys securely, eliminating the need to remember each password individually. Instead of it, we just need to remember one master password, that grants access to all other keys.

Advantages of a password manager:

• Secure storage: Stores your passwords encrypted, preventing them from falling into the wrong hands.
• Generation of robust passwords: Creates random and complex passwords, making them much harder to guess.
• Autofill and accessibility: Logging into different platforms is faster and easier, without having to remember or type each password.
• Access from any device: Password managers allow you to access your keys from any internet-connected device, all synchronized and secure.

Despite of the advantage offered by password managers, the two-factor authentication (2FA) provides an additional level of security. This technique involves an additional verification step, ensuring that even if an attacker manages to obtain the password, he/she cannot access the account without the second authentication factor. Generally, the two-step verification process is carried out in two phases:

1. First step: Entering the first factor. This factor consists of on something the user knows, such as a password.
2. Second step: Provision of the second factor. This factor corresponds to something the user possesses, such as a mobile device, a physical key, or a USB device. This element, which is a unique and temporary code, known as OTP (One-Time Password), is sent or generated, and must be entered during the login process.

The importance of not reusing passwords

A key aspect of digital security is not reusing passwords. Each account should have its own unique key. If the same password is used for multiple accounts and one of them is hacked, all others will be equally compromised. It is also advisable to change them periodically, following the renewal policies implemented by many organizations, which usually require password updates every 90 days. This habit helps to mitigate the risk of a leak being useful for a long period and ensures more effective control over digital accounts.

Passwords are a essential tool for the protection our accounts, but they are not enough. It is crucial to create long, complex, and unique sequences for each account. Additionally, using a password manager and activating a two-factor authentication are important steps to improve the security of our digital credentials. In such an interconnected digital world, we must improve additional security measures to protect our personal information and to ensure our data is secure.