Keep “iloveyou” for your Valentine, Not Your Password!

“iloveyou” was found among the world’s most common passwords – it was used 197,880 times last year, according to the latest report by NordPass. Experts say this password can be cracked in less than a second. While affectionate words are entering the list of the most common passwords annually, cybersecurity experts say their use is a horrible idea.

Researchers say that in a 2.5TB database of leaked credentials that they analyzed, there were also other cute phrases people use to secure their online accounts. “princess” ranks among the top 200 most common passwords in the whole world, “valentina” – in Chile, and “sunshine” – in the United States. French people love “loulou” and “doudou” for their passwords – these words are used to express affection for someone.

A dangerous habit

“While we all know that love might have no limits, the words we use to express our feelings should – especially when it comes to passwords. Being creatures of habit, we then put those words in our passwords – if someone calls their partner “love” daily, it is only natural this word might be on top of their mind when setting online credentials,” says Karolis Arbaciauskas, head of business product at NordPass.

Every year, NordPass reveals the world’s 200 most-used passwords. This year, the company also showcased how they differ among 44 countries worldwide and what kind of corporate passwords people use for their work accounts.

“As many as 70% of the passwords in the past year’s global list can be cracked in less than a second, and this is highly alarming. With leaked credentials, threat actors can get you locked out of your important accounts, steal your sensitive data, and sell it on the dark web, risking even your physical privacy. And this is only one of the scenarios,” says Arbaciauskas.

How to improve your account security

Besides avoiding loving words in passwords, Arbaciauskas has other recommendations that could easily increase the strength of your online accounts.

—  Create long passwords and avoid dictionary words. They should consist of at least 20 random characters, namely upper – and lowercase letters, numbers, and special symbols.

—  Add multi-factor authentication. Anything – additional confirmation via email or phone, physical security keys, or biometric confirmation – is better than a password alone.

—  Try passkeys wherever possible. Most modern websites allow logging in with passkeys, a new and alternative method of online authentication. This technology is currently considered the most promising alternative to passwords and is greatly supported by most tech giants, including Apple, Microsoft, and Google.

Research methodology: The list of passwords was compiled in partnership with NordStellar. They evaluated a 2.5TB database extracted from various publicly available sources, including those on the dark web. No personal data was acquired or purchased by NordPass to conduct this study.

Researchers classified the data into various verticals, which allowed them to perform a statistical analysis based on countries. NordPass exclusively received only statistical information from the researchers, which gives no reference to internet users’ personal data.