The first thing this writer did after speaking with experts for this article was to change her passwords and silently hope they are foolproof. If your password is any one of these – password, 12345, 123456, 123456789, 12345678–you might want to change it. These are the usual suspects, according to the 2021 NordPass’ Top 200 Most Common Passwords. NordPass, a password manager company, compiled this report in partnership with independent researchers specialsing in research of cybersecurity incidents. They evaluated a four TB-sized database that contains already leaked passwords. The report threw up interesting results.  Krishna, Omsairam, Jaimatadi, Hanuman, Waheguru, Bigbasket, Linkedin and Iloveindia are some of the most common passwords in India. While some passwords took less than one second to crack, others almost three years (read: wowecarts@123). “However, if the password has already appeared in the top 200 list, even if it takes three years to crack, people shouldn’t use it, as clearly, a lot of people are already using it,” says Jonas Karklys, CEO of NordPass. 

If your password is just numbers, it will take less than one second to crack it, shares Aadarsh Parmar, who has a BTech degree in computer science and is well-versed with the technique of hacking and cracking passwords. He says that a strong password should be anywhere between 12-16 alphanumeric and special characters. “It is easy to apply combinations to an eight-character password, but the combinations for a 16-character password are elongated and complex. If I were to crack it [ a 16-character password], it would take me more than a year,” he adds.  Ritesh Bhatia, cybercrime investigator and Founder of V4WEB Cybersecurity, believes that even the strongest password, without any two-factor authentication, is as weak as the weakest password. Two-factor authentication is an extra layer of security beyond the username and password. It is usually in the form of receiving an OTP.  He believes that it is the responsibility of the platform to guide and help users to come up with a strong password. They can do this by ensuring that all users have a minimum 10-character password consisting of a combination of uppercase and lowercase alphabets, numbers and special characters. “Just the way it is compulsory to have a password, two-factor authentication should also be necessary,” he adds.