- Predictable password habits continue to enable attackers who rely on large-scale automated cracking
- Length is still the defining factor that determines the actual strength of a password
- Administrators greatly influence password strength through the rules they choose
However, more research has revealed that when it comes to thinking about strong passwords, we’re all still pretty useless.
A Comparitech report that examined more than two billion exposed passwords found that sequential digit variations still dominate, and many of the most popular passwords are simple combinations created by swiping a finger across the first row of the keyboard.
Despite repeated warnings from security professionals, predictable passwords such as “123456”, “admin” or even “password” are still among the most used credentials.
Most users adapt common templates.
Even supposedly improved versions, such as Aa123456 or Aa@123456, appear frequently and remain highly predictable, the report notes, suggesting that many users simply adapt common templates rather than adopting significant complexity or length.
Researchers say the root of the problem remains that many people choose short passwords that are easy to remember but also easy to compromise.
They are often made entirely of numbers, which are quickly defeated by modern decryption tools.
A significant portion of the filtered strings include sequence 123, while others are based on similar numerical progressions.
Length and combination are key because longer passphrases are much more effective than short strings filled with arbitrary symbols.
Even small modifications can make a difference, because adding unexpected characters to a long phrase dramatically increases the time needed to guess it.
Security researchers note that longer constructions also reduce the cognitive load for users who have difficulty memorizing complex combinations of numbers and symbols.
In professional environments, administrators influence password security more than users themselves.
When organizations impose minimum rules, employees often adopt the lowest standard allowed, creating widespread weaknesses that automated attacks can exploit at scale.
When requirements emphasize length and consistency, password quality improves by necessity, even if individuals still rely on predictable structures.
Forced character expansion increases the computational effort required for brute force attacks, making large-scale compromises difficult.
Support tools can help change these habits. A dedicated password manager can generate and store long combinations that users no longer need to memorize.
Password generators within browsers also offer some help, although reliability varies when software updates introduce unexpected behavior.
For businesses that manage a wide range of accounts, a business password manager provides a more structured application.
They help administrators apply rules that reflect current security recommendations rather than outdated conventions.
Taken together, the latest findings suggest that the primary challenge is behavioral rather than technological, as unfortunately, users continue to prefer ease over security, and attackers continue to capitalize on those options with increasingly efficient cracking methods.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
