By recording which passwords online scam artists use to break into internet-connected point-of-sale systems, like a shop kiosk or computer, security group Rapid7 put together the definitive list.
In order to track the passwords used by cybercriminals, experts set up a number of honeypots: areas of a website that look legitimate to hackers, but are actually isolated and closely monitored.
The study by Rapid7 ran for 12 months. During that time, the experts’ honeypots racked up a staggering 221,203 separate login attempts from some 5,076 devices in 119 countries.
Rapid7 Security Research Manager Tod Beardsley said this type of research “is incredibly useful for spot checking the state of cyber hygiene.”
It also reveals where businesses can improve their digital security.
The top 10 passwords most often guessed by online cybercriminals are:
1 – x
2 – Zz
3 – St@rt123
4 – 1
5 – P@ssw0rd
6 – bl4ck4ndwhite
7 – admin
8 – alex
9 – …….
10 – administrator
For example, take the first letter of each word in your favourite song lyric, phrase or poem – and use those letters, which appear like a random jumble, as your password.
A password manager is another way to generate and securely store unique passwords with letters, symbols and numbers.
But even these aren’t always secure.