Passwords

The Password List: Top 10 Most Common Passwords You Should Avoid

4 years ago in Hacking/Privacy
password list

We all know that you cannot use a weak and predictable password. It makes it easy for hackers to access your account. In this guide, you will be presented with a password list of the top ten most common passwords that you should absolutely avoid.

Top 10 Password You Should Avoid

Number Passwords

There are a lot of numeric numbers that are highly predictable. A good example is using numbers in sequences such as 1234, 1234567, 123456, 12345678, 123456789.

Also, avoid using numeric numbers with repeated digits as your password. For instance, 111111, 000000, 7777, 2000, 1212. These are very predictable!

Additionally, avoid combining these digits with repeated alphabets. A hacker trying to get access to your account can gain access with these predictable numbers through specialized software.

Computer Keyboard Sequence

Do not use any password that can be easily detected on the keyboard. For instance, qwerty, qwertyuiop, zxcvbnm, or asdfghjkl. Do not also use any of these in all capital or all lower case form.

The passwords are selected from a single roll on the keyboard and can be easily predicted.

Popular Alphanumeric Passwords

most common passwords

This includes passwords with a mixture of both numbers and alphabets. Although, a strong mix of these two can help secure your account, using predictable alphanumeric passwords can ruin your accounts. Some of these passwords include abc123, 123abc, trustno1, password1, welcome1.

The above-mentioned passwords were among the most widely used passwords in 2012, according to a report by CNN.

Alphanumeric passwords are fast becoming popular because some sites and accounts made them mandatory. The idea behind this is to build a strong password and not to use very common ones.

Craft a good alphanumeric password and store this in your password list so that whenever you forget, you can easily access it on your list.

“Password”

This might sound a bit weird but it is very common. Many people think by using “password,” either in all cap or lowercase or with “@,” it would help secure their accounts. This is a lie. In fact, if “password” is your password, it is advisable you change it immediately. It is very easy to guess the password of an account stored with the word “password.”

Hobbies And Common Sports

Names of hobbies and sports are highly predictable. If a hacker has personal information about you, your hobbies or choice of sports would be among his or her first few predictions. Avoid using your hobby, your sport or any popular sport as your password.

Animal Names or Nature Words

This is similar to using a hobby or sport. A lot of people use their favorite pet or animal as their password. This alongside nature words should be avoided. Avoid passwords like tiger, lion, monkey, dolphin, sunshine, lake, winter, trees.

Most often than not, many people’s favorite pet is usually the same as others. Hence, it is advisable not to use this as your password.

Pet Names or Children’s Name

This is another highly predictable password. Do not use your pet names or the name of those in your life. Your general lifestyle and family would be among the first few passwords guessed by hackers. Avoid using words from these aspects of your life as your password.

Passwords Related To Login Words

Passwords related to login words like enter, login, letmein, admin, pass, access and so on should be avoided as this might be a quick guess for hackers or unauthorized access.

Obscene Words

People often choose obscene words related to sex as passwords because they think this aspect would be avoided by anyone trying to predict their passwords. This is usually not the case.

In fact, passwords with swear words and obscene words ranked as one of the most common passwords.

Other Common Passwords

Passwords like master, superman, shadow, 696969, michael, dragon, hunter, harley, buster, and so on should be avoided.

To stay safe, choose a complex password for your account and store it in your password manager’s password list. It is preferable to have a mix of alphanumeric, big and small capital letters in your password. Also, for accounts that have sensitive information like an internet bank account, you should use a unique password different from the ones you use for social logins.

You might be interested in

Red Teaming

What is Red Teaming?

Teaming is a practice in cybersecurity aimed at simulating real-life cyberattacks on a company’s system, network, or workforce. The idea

How to Become a Security Researcher

How to Become a Security Researcher

A security researcher investigates security vulnerabilities in applications, websites, hardware, and internet protocols. As security threats evolve, more and more

You Found Your Email on a Dark Web Database: Now What?

4 years ago in Dark Web
email found on dark web

Snap! You just found out your email is on the dark web. 

How did your email end up on the dark web? One of your favorite platforms could have been hacked and you were affected. Alternatively, you could have fallen for a phishing scheme that managed to capture your data.

The first thing that people do when they find their email on the dark web is to panic. You first have to ascertain the severity of the issue, before you make calls to the bank or start deleting accounts. 

In most cases, having your email merely on the dark web is not a problem just because it is there. In this case, your email is now an email that can be seen publicly.

The issue lies in the possible scenarios that may follow after your email lands on the dark web. With your information on the unsafest part of the internet, your identity could be related to a lot of activities that might put you at risk.

Hackers and scammers crawl the dark web frequently to find new user data to target. Even though finding your email on the dark web looks harmless initially, it might become something you never expected.

At this point, you need to act quickly to secure yourself and data. 

Scan Your Device and Applications

is my email on the dark web

You must understand the potential loopholes on your device and applications that may be leaking your data. This is crucial to prevent a similar situation in the future and stop more data from being leaked.

A virus scan on your device to check for any existing malicious software that may be stealing your data is needed. Malware can monitor your activity, log your keystrokes, and steal your passwords. 

If you find any suspicious files or apps that may be in this category, you have to remove them and change your login information instantly.

Once you are done checking for malware, you can then move ahead to the other measures you need to take.

Change Your Passwords, Make Them Strong

It would be best if you changed the password of your email as soon as it ends up on the dark web. Changing your password is essential because most emails on the dark web become targets for hackers or scammers.

Further, your email also gets marked for phishing attacks. It gets difficult for hackers to succeed in taking over your email when you change your password. 

There is a catch to this. You will need a strong password to ensure the total safety of your email. Here are some tips to follow.

  • Your password must be lengthy. (8 words +)
  • Don’t use your name or real words
  • Combine lowercase and uppercase letters
  • Add symbols and numbers

Beyond the email in question, you should also update the password of other applications you have used the email for.

Add Extra Security

After changing your passwords, you should also consider adding extra protection to your email.

Two-factor authentication (2FA) is a verification method that requires an additional piece of evidence for authentication.

2FA can be set up to send a code to your mobile number to verify all new sign-ins. In case your password gets compromised, the hacker will still have to enter your 2FA code to access the account.

Get A Second Email

Your primary email contains a lot of sensitive information that must be protected. To avoid sharing this email on several platforms, you should consider a secondary email.

This is an optional step, but one you should consider. You can jump on any of the email service providers to get a new email for random sites you visit that require your email.

Check Your Financial Apps

Finally, you should check your financial accounts when you find your email on the dark web. You might not have lost any funds because your email is out on the wild, but its good practice to ensure you are safe.

Check your accounts for mysterious transactions you did not make by yourself. You should also set up alerts for your financial accounts just in case hackers attempt to steal from you later on.

If you are not comfortable using your account just as it is after your email is found on the deep web, you can visit your bank to change your passcodes and other verification requirements. 

Am I Completely Safe Now?

You are certainly safer than you were before taking these steps. If you stay away from unreliable and suspicious sites, you will most likely not end up in this situation in the future.

However, large scale data leaks – that include your email address and/or login information – are always a possibility.

You might be interested in

Introducing Hashcat: The World’s Fastest Password Recovery Tool

4 years ago in Hacking
hashcat

Hashcat is an established password cracker that is considered the world’s fastest CPU-based password recovery tool.

In this article, you will be introduced to Hashcat and how it works.

Password Recovery

Passwords are a string of letters, numbers, or symbols used for the authentication process in various applications. We use them to gain access and also restrict unauthorized entry into accounts, applications, and databases.

However, what if you forget your password? How do you restore it? That is what makes a password cracking tools like Hashcat useful and important to understand.

What is Hashcat?

password recovery

Hashcat is known as the fastest and most advanced password recovery tool capable of cracking extremely complex passwords. It is highly versatile and fast, giving it an edge over other password cracking tools.

Jens ‘atom’ Steube and Gabriele ‘matrix’ Gristina developed the software.

Hashcat is open-sourced, free and cracks passwords using GPU cracking or CPU cracking. It is available for Linux, OS X, and Windows systems.

What Does Hashcat Support?

Hashcat supports a large variety of hashing algorithms, such as:

  • MD4,
  • MD5,
  • SHA-family,
  • NT Hash,
  • LM hash,
  • Unix Crypt formats,
  • MySQL,
  • WHIRLPOOL,
  • RipeMD,
  • Cisco PIX
  • and SHA family.

It also offers several attack modes, including:

  • Toggle-Case attack
  • Fingerprint attack
  • Rule-based attack
  • Combinator attack
  • Brute-force attack
  • Dictionary attack
  • Mask attack
  • Table-Lookup attack
  • Hybrid attack
  • Permutation attack
  • and PRINCE attack.

How Hashcat Works

Hashcat uses rainbow tables, precomputed dictionaries, and a brute-force approach to find an adequate way to crack passwords.

The software can convert readable information into a scrambled sequence, which could be used to crack passwords. The program uses a technique known as a brute force in direct cracking. 

You can download Hashcat online and use it to obtain lost passwords through multiple processes. It’s quite easy to set up because it comes along with a user-friendly guide that illustrates step-by-step how to use the program.

Some of its features include:

  • Compatible with well-know operating systems (Linux, Windows and OSX native binaries)
  • Multi-threaded and the threads have the ability to be configured and executed and used based on the lowest priority
  • Supports hex-salt, hex-charset, and automatic performance tuning
  • Allows reading of password candidates from file and stdin
  • Free and open source

Hashcat is a great tool for password recovery. However, malicious hackers also use it for nefarious purposes.

To ensure you are not an easy victim of a password hack, always make your password long and complex. Additionally, avoid using obvious information about yourself. Finally, you should also change your passwords regularly.

You might be interested in

Go to Top