- Predictable password habits continue to enable attackers who rely on automated large-scale cracking
- Length remains the defining factor that determines a password’s actual resistance
- Administrators have a lot of influence over password strength through the rules they choose
Even more research has revealed that when it comes to devising strong passwords, we’re all still pretty useless.
A report by Comparitech, which examined more than two billion exposed passwords, found that variations of sequential digits still dominate, with many of the most popular passwords being simple combinations created by swiping a finger across the first row of the keyboard.
Despite repeated warnings from security professionals, predictable passwords such as “123456”, “admin” or even “password” remain among the most commonly used credentials.
Users mostly customize common templates
Even supposedly improved versions, such as Aa123456 or Aa@123456, occur frequently and remain highly predictable, the report notes, suggesting that many users simply adapt common templates rather than apply meaningful complexity or length.
The researchers say the root problem remains that many people choose short passwords that are easy to remember but also easy to compromise.
They are often made entirely of numbers, which are quickly defeated by modern cracking tools.
A significant portion of leaked strings include the sequence 123, while others rely on similar numerical progressions.
Length and combination are key because longer passphrases are far more effective than short strings padded with arbitrary symbols.
Even small changes can make a difference, because adding unexpected characters to a long sentence drastically increases the time it takes to guess it.
Security researchers note that longer constructs also reduce the cognitive load on users who struggle to remember complex mixtures of numbers and symbols.
In professional environments, administrators influence password strength more than users themselves.
Where organizations enforce minimal rules, employees often apply the lowest allowed standard, creating widespread vulnerabilities that automated attacks can exploit at scale.
When requirements emphasize length and consistency, password quality necessarily improves, even if individuals still rely on predictable structures.
The forced expansion of characters increases the computational effort required for brute-force attacks, making large-scale compromises more difficult.
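A length-first policy check of the kind an administrator could enforce, as an added example that is not from the report or the article. The minimum length of 14, the deny-list, the run lengths and the function names are assumptions; the sample passwords are constructed around the ones the article quotes.

```python
import re

# Assumed policy values and deny-list (not from the article, except the three
# example passwords it names: "123456", "admin", "password").
MIN_LENGTH = 14
COMMON_BASES = ("123456", "admin", "password")
# Keyboard rows with the minimum run length that counts as a "swipe":
# 3 for the digit row (the report's "123"), 5 for letter rows so ordinary
# words inside a passphrase are not flagged.
ROWS = (("1234567890", 3), ("qwertyuiop", 5), ("asdfghjkl", 5), ("zxcvbnm", 5))


def keyboard_run(pw):
    """Return the first keyboard-row run found in pw (either direction), else None."""
    low = pw.lower()
    for row, n in ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - n + 1):
                if seq[i:i + n] in low:
                    return seq[i:i + n]
    return None


def check_password(pw):
    """Return a list of policy violations; an empty list means the password is accepted."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    if pw.isdigit():
        problems.append("digits only")
    # Strip symbols and case so decorated templates (Aa@123456) collapse to their base.
    core = re.sub(r"[^a-z0-9]", "", pw.lower())
    if any(base in core for base in COMMON_BASES):
        problems.append("common base")
    if keyboard_run(pw):
        problems.append("keyboard run")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: the article's examples, a long but templated
    # password, and one long passphrase.
    for sample in ("123456", "Aa@123456", "Password123456!!", "violet-kettle-marching-owls"):
        print(f"{sample!r}: {check_password(sample) or 'accepted'}")
```

The third sample meets the length rule and is still rejected, which is the case a length-only policy would let through.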
Support tools can help change these habits. A dedicated password manager can generate and store long combinations that users no longer need to remember.
Password generators in browsers also offer some help, although reliability varies when software updates introduce unexpected behavior.
For businesses that manage a wide variety of accounts, a business password manager provides more structured enforcement.
Such tools help administrators apply rules that reflect current security recommendations rather than outdated conventions.
Overall, recent findings suggest that the core challenge is behavioral rather than technological – as users unfortunately continue to choose ease over security, and attackers continue to exploit these choices with increasingly effective cracking methods.



