19 billion passwords that are leaked through the security warning of telephone security

A study with over 19 billion exposed passwords showed that only 6 percent of the passed passwords were clear. The vast majority, 94 percent, were reused or duplicated, which made them main goals for cybercriminals.

Frequent keyboard patterns and slightly guessed strings remain predominant. The “123456” sequence is still dominated and, according to the cybernew's study, appears in 338 million passwords.

Why is it important

The scale of password injuries and the persistent dependence on weak passwords have increased the concerns regarding the “login information”, a tactic in which attackers use automated tools to test stolen login information on several platforms.

Even violations of the success rates between 0.2 percent and 2 percent can still result in thousands of compromised accounts, according to cybernews.

The most common password length is eight to 10 characters, and a significant part only contains small letters and digits, which means that passwords are susceptible to brute force attacks.

Compared to only 1 percent in 2022, 19 percent of the passwords now mix up capital letters, small letters, numbers and symbols.

What to know?

The analyzed data record included 19.030,305,929 passwords from 200 cyber security incidents. These came from leaked databases, theft protocols and combolists.

Paul Walsh, CEO of Metacert, has highlighted another growing risk attribution: Phishing attacks on phones. He has asked Cybersecurity companies to tackle SMS phishing with the same intensity as e -mail security in order to reduce the password losses and injuries.

Walsh said in an article published on Monday Forbes The most recent national SMS-phishing test by Metacert, which was carried out in March and including airlines such as AT&T, Verizon, T-Mobile and Boost Mobile, was worrying.

“Every phishing message was still transmitted,” said Walsh. “None were blocked, marked or rewritten.”

Walsh wrote an open letter to the cybersecurity industry and asked why the SMS -Phishing problem was not solved a long time ago.

What are the most common passwords?

The predictable patterns continue to dominate the selection of passages. “123456” alone appears in 338 million of the passwords in the cybernews study, while “password” and “admin” were used over 100 million times.

Users often rely on names, with “Ana” appearing in 178.8 million cases. Positive words such as “love”, “freedom” and references to pop culture such as “Batman” are also widespread. Surprisingly, profanity is also common; “Ass” alone appears in 165 million passwords.

The most frequently used pop culture terms in passwords included “Mario” (9.6 million), “Joker” (3.1 million), “Batman” (3.9 million) and “Thor” (6.2 million).

In addition, seasonal words, food and cities often contain passport selection, which means that accounts remain susceptible to attackers who take advantage of such predictability. Over 10 million of the passwords showed “Apple”, 4.9 million “rice” and 3.6 million “orange”, while 3.3 million were chosen for “pizza”.

The most popular city for passwords was “Rome” (13 million), while “Sommer” (3.8 million) was the most popular season.

What people say

Neringa Macijauskaitė, researcher for information security at cybernews: “We are faced with a widespread epidemic of reuse of a weak password. If you reuse passwords across several platforms, a violation in a system can affect the safety of other accounts.”

Paul Walsh, CEO von Metacert Forbes: “Criminals have already moved in full power and the industry does not react.”

“The cybersecurity industry has no lack of experts in relation to e -mail security, endpoint protection or network defense, but when it comes to SMS infrastructure and security, there is a clear lack of deep specialist knowledge.”

What happens next

The researchers have asked individuals and organizations to increase password security by using password managers that enable minimum length and complexity standards and enable the authentication of multifactors. Companies are recommended to regularly check access controls, to monitor the login information and to take on real-time recognition solutions.