AMPYX CYBER


Top 10 most entertaining passwords… that are also ridiculously easy to hack

BY KERRY TOMLINSON, AMPERE NEWS

January 28, 2022

The world's most boring password is 123456. Millions of people use it, and it's so weak you might as well help the thieves carry your valuables out in boxes and give them a ride home. In fact, most of the most popular passwords are far from fascinating.

We're out to find a different kind of password. The kind that is also easy to hack, but comes with extra flavor. We analyzed the most popular passwords around the globe to see which ones could at least bring a smile --- right before attackers plow right through them to people's accounts.

Here's our top ten most entertaining world passwords that just about any attacker could break. If you're using one of them or passwords like them, you're putting yourself at high risk for a hack.


How we did it

We analyzed password data from NordPass for the top 200 passwords in 50 countries from Australia to Vietnam. Each country has its own password culture, but we found common themes that make it easy for attackers to prevail. For this top ten list, we chose the passwords with the most zing.

#10: Pet name passwords

At the keyboard, our thoughts sometimes turn to romance. Many people use pet names for their passwords, not what you call your dog or cat, but a person you love, like baby, honey and sweetie. Most popular pet name passwords are the run-of-the-mill schmoopy variety.

Top choice:

Password: Bokkie

Country: South Africa

Meaning: Little buck

Why:

It means 'little buck' — like a pronking springbok — but it's used as a show of affection, like 'sweetheart.' Some describe bokkie as "one of South Africa's nicest words." A little antelope called Bokkie played the role of Smokey the Bear in South Africa in years past, encouraging people to prevent wildfires. Now a plucky little springbok named Bokkie is a mascot for a South African rugby team. Bokkie is cute as a button! However, as a password, bokkie can be cracked in two minutes, no sweat for an attacker.

#9: Insult passwords

If passwords make you angry, you're not alone. A large number of world passwords involve insults, from mild to extremely profane.

Top choice:

Password: Panget

Country: Philippines

Meaning: Ugly

Why:

It may sound harsh, as in this example from the Urban Dictionary:  "That dude is so panget, his reflection got a blindfold." But some people also use it as a cute name for their partner. It’s one of the gentlest insults we found in the overused password data. Panget (pronounced ‘pang-it’) is woven into pop culture in the Philippines, in songs and in a 2014 movie, Diary ng Panget (Diary of an Ugly Person), a box office hit telling the story of a non-traditionally attractive girl who finds true love. Use panget as a password and you'll be very attractive to cyber crooks who can guess it in just one minute.

There are a few other insult passwords around the world that do not involve the standard offensive words and phrases:

Lammas (Estonia): sheep, also "dumb or absent-minded"

Wombat (Australia): an animal, slang for "block-headed"

Lopas (Lithuania): patch, slang for "moron"

#8: Animal passwords

What's your favorite animal? Chances are you've used it in a password once or twice.  The world's most popular passwords include a menagerie of beasts both wild and domestic, with monkey, cat, and butterfly making a showing in almost every country.

Top choice:

Password: Caonima

Country: China

Meaning: Grass mud horse

Why:

Caonima is the name of a fictional llama. However, the words sound very similar to a very vulgar phrase in Chinese. Don't Google it, especially not at work. This play-on-words creature became wildly Internet famous, showing up on shirts and mugs and in kids' toys sold on the Walmart site and other places. At one point, people were reportedly using caonima to skirt government censorship and it was said to be an "icon of resistance."  But give attackers 17 minutes with your grass mud horses, and they’ll break them.

#7: Computer passwords

Tired of trying to come up with a password? You might just write down what you see in front of you. And thus, the computer-themed password is born. Internet, keyboard and computer all find spots in the well-used password lists.

Top choice:

Password: Papaki

Country: Greece

Meaning: @

Why:

Papaki is the name for the @ symbol, but also means "little duck" in Greek. In addition, Papaki is the name of a company said to be the leading domain name registrar in Greece. Either way, password hunters can snare your papaki in just five seconds. People in another country use the @ symbol as well: Hungary's "kukac," or worm, is a popular password hackable in ten seconds.

#6: 'I give up' passwords

Frustrated by yet another password to create? Sometimes we just give up and fill in the blank, with words like "dunno" in Hungary and "blabla" in Israel.

Top choice:

Password: Hogehoge

Country: Japan

Meaning: Something something

Why:

Hogehoge is like "blah blah blah," says cybersecurity evangelist Yohei Ishihara of Trend Micro.  Words with repeat syllables are very common in Japanese --- in Japanese passwords. Kirakira (glitter) and mokomoko (fluffy) rank high as well.

"The trick here is, it's very easy to remember or easy to type," he told Ampere News. "The word is very easy to use."

A little too easy, he says. Hogehoge can be cracked in two seconds. He does not recommend it as a password.

#5: Hooligan passwords

In our passwords, we often play the scoundrel, choosing words like killer, stalker and playboy.

Top choice:

Password: Bigboy

Country: Nigeria

Meaning: Someone who flaunts wealth online

Why:

Big boys live large on social media, showing off cars, clothes and cash. But some of their viewers question where the money comes from. Some of Nigeria's biggest big boys, like Ray Hushpuppi, have been arrested for cybercrimes. The FBI called Hushpuppi one of the most high-profile money launderers in the world. What about bigboy as a password? Less than a second, and a real big boy can take over your account.

#4: Outhouse passwords

Our passwords have gone down the toilet. We frequently help ourselves to bathroom phrases to fill in the gaping blank space on the screen. Most are your generic scatological references, but this one stands out for its creativity.

Top choice:

Password: Bajskorv

Country: Sweden

Meaning: Poop sausage

Why:

This is a favorite phrase of Swedish children, according to the YouTube Swedish learning channel Fun Swedish. "Children use this a lot when they're angry or just a bit naughty. Adults can use it since it is a little bit cute," the instructor tells us. How do you use it? Try this: "Du är en bajskorv. You are a poop sausage." This password sausage would take three hours to hack, which may sound like a lot, but is still child's play for crooks online.

#3: Pop culture passwords

Sports teams, car brands, and musical groups are all go-to names for passwords. But movies and movie characters are trending around the world, with easy-to-crack selections like Star Wars, Superman, Gandalf and Naruto, an animated character.

Top choice:

Password: Matrix

Country: Germany

Meaning: Movie

Why:

The latest Matrix movie, The Matrix Revolutions, was shot in part in Germany, which may have helped lead the password to prominence there. In the original movie from 1999, intelligent machines create a fake reality for humans in order to harvest their energy. Now, in 2022, it seems that humans may be creating their own fake reality without the help of robots. The Matrix had a big impact on pop culture, and is a top password in 16 other countries, including Austria, Belgium, Latvia and the United Arab Emirates. Real life attackers using intelligent machines can hack it in less than one second.

#2: Children's story passwords

Childhood story characters are well loved and well used on the keyboard, but they can be a piece of cake to crack. That does not stop us from tapping Winnie the Pooh, Snoopy, Spongebob and more for inspiration.

Top choice:

Password: Kolobok

Country: Ukraine & Russia

Meaning: Small round bun

Why:

In the fairy tale, beloved Kolobok is a little lump of dough who escapes from Grandma and Grandpa and goes on adventures, singing gaily until he is eaten by a fox. The little bun's earworm songs play in your head long past adulthood. Both Ukraine and Russia claim to be the true origin of Kolobok, but researchers note that many countries have similar stories of bread, doughnuts or pancakes that run away from home.

"People choose it because it is a popular character and an easy word to type on the keyboard. There are of course other popular characters, but none of their names are as easy to type on the keyboard as 'kolobok,'" said cybersecurity researcher Marina Krotofil. "Convenience always wins!"

It's convenient for attackers, too. They'll have this doughball fried in less than a second.

#1: Cheeky passwords

At some point, we begin to fight back. Our passwords turn into retorts like "whatever" and "sanane" ("none of your business") in Turkish.

Top choice:

Password: Jemoeder

Country: Netherlands

Meaning: Your mom

Why:

The connotation is the same in Dutch as in English, said Martine van de Merwe of PrivacyLab in the Netherlands. "When someone asks you something and you're a bit annoyed about it," she explained with a laugh. "'I have to change my password. Your mama.' I think it's an expression of annoyance about having to change the password again."

It’s funny, but risky, cybersecurity professionals say.

"I think it's too short," said Lourens Dijkstra, Chief Information Security Officer at a healthcare facility, Lentis, also in the Netherlands.

Jemoeder is hackable in three hours, not hard for cyber crooks using automation.

"Ways to make it stronger, it's always, ‘Make it longer.’ So maybe you can make a sentence about your mother," added van de Merwe.

A polite sentence, we might add, for the sake of moms everywhere.

What to Do

If you’re using any of these passwords or similar ones, here’s how to protect yourself:


  1. Many cybersecurity experts recommend making a long password or passphrase. Shoot for 16 characters or more, if you can. It may seem daunting, but it's not as hard as you might think. For example, toptenmostentertaining is relatively simple and clocks in at 22 characters.


  2. Store them in a password manager so you don't have to remember them all.


  3. Add in multi-factor authentication, a second step like a code sent to an app on your phone, to serve as a deadbolt on your account door.


  4. Don't re-use the same password on different accounts. If you do, attackers can take your password from one data breach and use it to break into your other accounts.


Don't Name Names

In some countries, people prefer to use first names as passwords, like Michael, Alejandro and Samantha (all crackable in ten seconds or less). This is true in Hungary, where first names Attila, Zolika, Tomika and Lacika rank in the top 20 passwords (and fall in just two minutes of hacking).

Naming names in passwords is a bad idea, advised Albert Zsigovits of Hungary, a cybersecurity researcher at Acronis.

"Never include personal identifiable information in your passwords," he told Ampere News. "Malicious actors can build a dictionary from personal information and then launch a password dictionary-attack that will try your birthday, pet's name, family names, hobbies, home address. An example that is easy to crack: Fluffy1980."

He adds these tips:

---Never enter your credentials online while browsing the Internet through unencrypted Wi-Fi.

---Do not store passwords in plain-text files or in Excel sheets

---You can subscribe to monitoring services that alert the user in case his/her password has been found in a recent password leak, like monitor.firefox.com and haveibeenpwned.com/Passwords
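
One way a site or administrator could screen new passwords against the weaknesses this article describes (the length advice under "What to Do" and the personal-information dictionary attack Zsigovits warns about), as an added Python example that is not part of the original report. The `screen` function, its deny list and the sample profile are constructed for illustration.

```python
import re

# Constructed deny list: the weak passwords named in this article.
COMMON = {"123456", "bokkie", "panget", "caonima", "papaki", "hogehoge",
          "bigboy", "bajskorv", "matrix", "kolobok", "jemoeder"}
MIN_LENGTH = 16  # "Shoot for 16 characters or more"
# Undo common character swaps (0 -> o, @ -> a, ...) before comparing.
LEET = str.maketrans("01345@$7", "oieasast")


def variants(password):
    """Forms of the password that a dictionary attack would also try."""
    low = password.lower()
    plain = re.sub(r"[^a-z]", "", low)                   # digits and symbols dropped
    unleet = re.sub(r"[^a-z]", "", low.translate(LEET))  # swaps undone first
    return {low, plain, unleet}


def screen(password, personal=()):
    """Return the reasons to reject a new password; an empty list means accept.

    `personal` holds strings from the user's own profile (names, pet, birth year).
    """
    forms = variants(password)
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if forms & COMMON:
        reasons.append("common password")
    # One unit repeated end to end, like hogehoge or blabla.
    if any(re.fullmatch(r"(.+?)\1+", f) for f in forms):
        reasons.append("repeated pattern")
    tokens = [t.lower() for t in personal if len(t) >= 3]
    if any(t in f for t in tokens for f in forms):
        reasons.append("contains personal information")
    return reasons


if __name__ == "__main__":
    profile = ["Fluffy", "1980"]  # constructed profile for the article's example
    for pw in ["Fluffy1980", "hogehoge", "B0kk1e!", "toptenmostentertaining"]:
        print(pw, "->", screen(pw, profile) or "accepted")
```

Adding a symbol or swapping a letter for a digit does not rescue a listed word: `B0kk1e!` is still matched as bokkie, while length alone does not rescue a passphrase built around the pet's name.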

FINAL WORD

These entertaining-but-terribly-weak passwords are best enjoyed from afar, not up close and personal in your accounts. The next time you need to make a password, make it a sentence. You and your bokkie won't regret it.

Thank you to the following people who contributed cultural knowledge to this report: Liisa Tallinn, Tracey Lam, Erhan Yakut, Can Demirel, Stephan Beirer.
