To ensure security, passwords not only need to be long and complex, but also need to contain unique, difficult-to-guess elements, and should not use familiar keywords.
Specops Software, a Swedish provider of authentication and password management services, conducted research and found that 31.1 million accounts were hacked and accessed illegally using passwords containing 16 characters or more.
When analyzing an additional 1.8 million administrator accounts from various organizations, experts found that 40,000 system administrator accounts used passwords containing the keyword "admin" and only 50% of these performed monthly security assessments.
Meanwhile, according to security company KrakenLab, in the list of hacked accounts, common passwords are character strings combined with the number sequence 123456.
Next are passwords that contain the word "pass" and its variations, such as "P@ssw0rd" or "Pass@123". These passwords are complex enough to satisfy Active Directory's password setting rules, since they contain enough uppercase and lowercase letters, numbers, and special characters.
Therefore, to ensure security, passwords not only need to be long and complex, but also need to contain "unique" and difficult-to-guess elements, and should not use familiar keywords.
Users should also change their passwords regularly and avoid repeating them. It can take tools millions of years to crack a long, strong password, but reusing old passwords or using common keywords can expose a user's account to unauthorized access in an instant.
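The gap described above, where "P@ssw0rd" and "Pass@123" pass a complexity rule yet are built on a familiar keyword, is shown in the following Python example, which is added here and is not from the article or the companies it cites. The complexity rule is a simplified model of an Active Directory-style check, and the minimum length, keyword list, substitution map and function names are all assumptions made for illustration.

```python
# Assumed policy values for this example (not taken from the article's sources).
MIN_LENGTH = 8
BANNED_WORDS = ("admin", "pass", "welcome", "demo", "test",
                "amazon", "netflix", "google", "motorola")
BANNED_SEQUENCES = ("123456",)
# Common character substitutions that are undone before the keyword check.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e", "1": "i",
                      "!": "i", "$": "s", "5": "s", "7": "t"})


def meets_complexity(password: str) -> bool:
    """Simplified AD-style rule: minimum length plus 3 of 4 character classes."""
    classes = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) >= MIN_LENGTH and sum(classes) >= 3


def banned_elements(password: str) -> list:
    """Return familiar keywords or number sequences found in the password."""
    lowered = password.lower()
    normalized = lowered.translate(LEET)  # "p@ssw0rd" -> "password"
    hits = [w for w in BANNED_WORDS if w in lowered or w in normalized]
    hits += [s for s in BANNED_SEQUENCES if s in password]
    return hits


def evaluate(password: str) -> dict:
    """Combine both checks; accept only if complex AND free of banned elements."""
    hits = banned_elements(password)
    complex_ok = meets_complexity(password)
    return {"complexity": complex_ok, "banned": hits,
            "accepted": complex_ok and not hits}


if __name__ == "__main__":
    # Constructed sample inputs; the last one is a random string made up here.
    for candidate in ("P@ssw0rd", "Pass@123", "Admin123456!", "netflix2023",
                      "Vt9#kLm2qZx!rB7e"):
        print(candidate, evaluate(candidate))
```

A complexity rule alone accepts the first three samples; only the keyword check, applied after undoing the character substitutions, rejects them.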
10 most popular passwords in Vietnam in 2023 (Source: NordPass)
In late 2023, password manager NordPass said that brand names like "amazon", "netflix", "google", "motorola" and memorable words like "welcome", "demo", "test" were popular passwords with numbers. However, they could be cracked by hackers "in about a second".