A broad compilation of the worst passwords of all time, ranging from prevalent to distinct combinations, based on the thorough analysis of over 200 million data...
A password, also known as a passcode, is a string of letters, digits, and symbols without spaces that validates a user's digital identity. It is the initial point of authentication, but it is no longer the ultimate solution to online security. Gone are the days when passwords like '123abc' or 'Rohn1994' seemed a hard nut to crack; sadly, the trend of living with simple login credentials across multiple accounts remains evident among many netizens. The risk is not confined to unauthorized access; it extends to dire consequences such as identity theft, data manipulation, and online impersonation, to name a few.
A strong password can obstruct malicious intent to some extent, and almost 97% of internet users are aware that password recycling poses a significant risk. However, only 53% of them actually admit to following the bandwagon. Reports of cyber-attacks and data breaches over the years thus haven't made a huge difference.
## Password Psychology: An Undeniable Fact Behind Living With Simple Passwords
While global cyber threat cases are skyrocketing, users are hardly bothered to adopt more difficult passwords, despite the amount of time they spend online and how much they rely on their data in cyberspace.
A global survey of 3,250 individuals across the United States, Singapore, Australia, United Kingdom, Germany, and Brazil furnished evidence that increased knowledge of security best practices doesn't necessarily translate into better management of passwords. Besides, there has been no real change in how users choose passwords as the first point of security.
According to a survey, 91% of users are aware that using the same password on multiple accounts poses a security risk, but only 25% are convinced to use a different password. Here are some of the most probable reasons behind this procrastination and the choice of simple, easily cracked passwords.
Most users with compromised passwords show contradictions in their behavior: they know what they are supposed to do, yet end up doing something else that does not reflect their concern about insecure passwords. Of the 77% of users who remained informed about these best practices, only 57% attempted to memorize their passwords and 32% jotted them down on a piece of paper.
Forgetfulness is another likely reason for sticking to a simple password for a prolonged period, even though password reuse is highly risky and, in most cases, can lead to unauthorized access.
That is why most users also prefer to rely on the same password for multiple accounts, a habit which, surprisingly, has scaled up to 11% according to random stats.
In other instances, users are compelled by circumstance to create passwords when signing up for various products and services. Not every website or application accepts just anything as a "PASSWORD", especially given the different password requirements that have evolved over the years: a minimum number of characters, or perhaps a number and special characters included in the string.
Even with all these imposed rules, the eventual result seems to be the opposite of what was intended. Users annoyed by such arbitrary standards often settle for insecure passwords without bothering much about the consequences. Another reason may be that they are not familiar with how their passwords are actually exploited. And even with so many password-related incidents evident across cyberspace, users' misconceptions persist: they still think that swapping letters for a numerical equivalent makes a password harder to crack.
So users are left with a false sense of security, since they find the resulting password highly complicated.
## How Passwords Are Cracked

We all know that it is challenging to reverse a hash back to its plain-text form. But is it that simple to hash every possible password and see whether the hashes match the target? If they do, the password is cracked. Hashing these candidate passwords takes computational power, and some hash functions are computationally harder than others, which makes them more time-consuming to attack.
That is why SHA-1 is often a poor choice: current computers can calculate SHA-1 hashes in real time. A threat actor can go through a list of SHA-1 hashes more quickly than through a dump of bcrypt hashes.
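The cost gap between a fast hash and a deliberately slow one can be measured directly. The following is an added example, not code from the original article; it uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt (which the standard library does not ship), and the iteration count and sample passwords are assumptions.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 200_000  # assumed work factor for this example; tune per hardware


def sha1_hex(password):
    """Unsalted fast hash, the kind of value a SHA-1 dump contains."""
    return hashlib.sha1(password.encode()).hexdigest()


def slow_hash(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, derived_key) for storage."""
    salt = salt if salt is not None else os.urandom(16)
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, key


def verify(password, salt, stored_key):
    """Recompute with the stored salt and compare in constant time."""
    _, key = slow_hash(password, salt)
    return hmac.compare_digest(key, stored_key)


def seconds_per_guess(fn, rounds):
    """Average wall-clock cost of one hash computation."""
    start = time.perf_counter()
    for i in range(rounds):
        fn(f"candidate{i}")
    return (time.perf_counter() - start) / rounds


def cost_ratio():
    """How many times more expensive one slow-hash guess is than one SHA-1 guess."""
    fast = seconds_per_guess(sha1_hex, 20_000)
    slow = seconds_per_guess(lambda p: slow_hash(p, b"\x00" * 16), 3)
    return slow / fast


if __name__ == "__main__":
    salt, key = slow_hash("correct horse")  # constructed sample password
    print("verify ok:", verify("correct horse", salt, key))
    print(f"one PBKDF2 guess costs ~{cost_ratio():,.0f}x one SHA-1 guess")
```

The per-user random salt also means identical passwords produce different stored values, so one computed hash cannot be checked against every account in a dump at once.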
The larger the sample space of the password, the more candidates an attacker has to hash before eventually finding the correct one, which in some cases makes the attack infeasible. This approach is dubbed a brute-force attack: the attacker tries to guess the valid password at random out of the sample space of possible passwords.
However, because of its inefficiency, this strategy is less common; it is mainly useful when the password is very short.
For longer passwords, attackers rely on assumptions about how users create passwords in the vast majority of cases; the choices lean toward certain human behavioral tendencies.
Typically, the attacker creates a dictionary of commonly used words, patterns, and passwords, tries those, and sees whether the hashes match. The attacker then modifies the entries slightly, as a user would when creating a password, and tries those. After that, words are appended and the attempt is repeated. This process makes guessing the correct combination overwhelmingly easier.
From a brute-force perspective, Password1 would be a slightly above-average password: it has 9 characters, 62 possibilities per character, and a theoretical entropy of around 53 bits.
However, it is actually a terrible password because it is a variant of one of the most common passwords. If a password strength estimation tool accounted for common passwords, a password like that would receive a harsh penalty, perhaps down to 0 bits of entropy.
This type of attack is dubbed a dictionary attack. Instead of brute-forcing blindly, the attacker uses computational power to create variations on words people are most likely to use: terms they know or passwords other users have used before.
Hence data breaches are considered valuable as they not only provide private data that attackers can use for malicious intents such as extortion or social engineering, but they also offer the best dictionary possible: actual passwords users are using.
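The Password1 estimate above, and the earlier point that swapping letters for numerals adds little, can be reproduced with a small strength estimator. This is an added example, not code from the original article; the common-password list, the substitution table, and the sample passwords are constructed for illustration, and a real check would load a breach-derived corpus.

```python
import math
import string

# Constructed sample list; a real check would load a breach-derived corpus.
COMMON = {"password", "123456", "qwerty", "letmein", "dragon", "iloveyou"}

# Letter-for-symbol swaps mapped back to letters (illustrative, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

SYMBOLS = string.punctuation + " "


def charset_size(password):
    """Alphabet size implied by the character classes the password uses."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (SYMBOLS, len(SYMBOLS))]
    return sum(n for chars, n in classes if any(c in chars for c in password))


def theoretical_bits(password):
    """Brute-force view: length * log2(alphabet size)."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0


def base_forms(password):
    """Undo the cheap mangling (case, suffixes, swaps) that dictionaries cover."""
    lowered = password.lower()
    stripped = lowered.rstrip(string.digits + string.punctuation)
    return {lowered, stripped, lowered.translate(LEET), stripped.translate(LEET)}


def estimate_bits(password):
    """Penalise to 0 bits when any base form is a known common password."""
    if base_forms(password) & COMMON:
        return 0.0
    return theoretical_bits(password)


if __name__ == "__main__":
    for pw in ["Password1", "P@ssw0rd!", "violet-kettle-orbit-47"]:  # constructed
        print(f"{pw!r}: theoretical {theoretical_bits(pw):.1f} bits, "
              f"estimated {estimate_bits(pw):.1f} bits")
```

A signup form can run the same check server-side and reject any candidate whose estimate falls to zero, regardless of how many character classes it contains.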
Authentication is the first point of user interaction when accessing resources on the web and is an indispensable part of cybersecurity. From that perspective, keeping a secure password is central to securing one's online presence and maintaining the safety of users' data and privacy. But what, in cybersecurity terms, is a secure password that pretty much every user can rely on? Here are a few key points on formulating an ideal password. A password string should always combine upper- and lowercase alphabetical characters, numeric characters, and special characters or symbols in an obscure combination.
Additional steps to increase its difficulty against cracking include an odd character in an otherwise familiar term, such as Rnylone instead of Rayrone;
a unique combination of two unrelated phrases like 'cereken.' A.'iction to acronyms for easy to remember quotes or sayings. A deliberately misspelled term, e.g., Wdn-G8 (Wooden Gate) or HersL00kn@U (Here's looking at you). Tweak with a letter, symbol, or combination, but don’t be too obvious about it.
Replacing 'o' with '0', 'a' with '2', or 'i' with '1' is exactly what attackers expect. It is better than nothing, but replacing '0' with '()' would also increase robustness by making the password longer and less obvious.
An easily phonetically pronounceable nonsense word, e.g., ReD-BeD or 'look-like.'
Two words separated by a non-alphabetic, non-numeric, or punctuation character, e.g., PC%Kat or dog,~1#
Another trick is to choose a password that is easy for you to recognize and that carries a private hint to aid recall. Settle on a fixed length such as 8 or 11 characters, pick a phrase that is easy to remember, take the first or last letter of each word, and then substitute some letters with numbers and symbols. You can then capitalize some letters and keep or add punctuation.
For instance, if you are selecting a password for a specific website, you can incorporate the first few letters of the website name into your password, so that it not only differs from every other password but also remains easy for you to remember. If one password gets exposed or compromised, the others are not affected.
It is better to aim for a longer password, which is more secure. If you use the full set of allowed printable characters and increase the password length, the number of possible combinations grows exponentially.
8 Characters > 675,453,531,245,761 (675 Trillion) Combinations
9 Characters > 47,848,500,718,449,031 (47 Quadrillion) Combinations
10 Characters > 5,255,243,551,009,881,201 (5 Quintillion) Combinations
When character sets are referred to, they are typically numbers, upper and lowercase letters, and a given set of symbols. As far as management is concerned, passwords can nowadays be managed in various ways. The most convenient is a password manager, which is highly reliable not only for storing all the passwords but also for generating unique passwords for additional requirements. The only thing users need to remember is the master password that unlocks the entire password directory.
Besides, reinforcing a password is easier with two-factor authentication (2FA) or multi-factor authentication (MFA), which many websites and applications offer on top of the password.
## List Of The Worst Passwords of all time, Exposed, And Compromised Multiple Times
Here is a broad compilation of the worst passwords of all time, ranging from prevalent to distinct combinations, based on the thorough analysis of over 200 million datasets during 2020. Almost 44% of them are considerably unique, while the rest are relentlessly deciphered through a brute-force attack, dictionary scripts, simple human guesswork, or perhaps social engineering.