Highlights

• NordVPN has recently released a report with the list of the top 10 most frequently used passwords among Indians.
• The report also specifies the estimated time it takes a hacker to hack these commonly used passwords.

Our lives are driven mostly online nowadays and most of our online presence is password protected.

Passwords are one aspect of being online that makes online activities secure.

However, managing passwords can be challenging.

It is more so when you juggle multiple devices and accounts at the same time.

It is often advised that you should change your password every two months and it is something we all try to do.

But, the reality is that there’s a limit to how many password combinations one can effectively remember.

Which is why most of us usually end up repeating our passwords.

A recent study conducted by NordVPN unveils the top 10 passwords frequently used by Indian users.

The report provides insights into the estimated time it would take to hack these passwords and the prevalence of individuals opting for these insecure choices.

Let’s delve into the details of the findings.

Top Most Common Hacked Passwords List

Here is a list of the 10 most frequently used passwords by Indian users along with an estimated time it takes a hacker to hack them.

The NordVPN report also provides the number of people who have chosen these passwords. So, let’s begin –

1. “123456”

You have got to stop with the Common Numeric Sequence, guys! This one is always on the top of the lists and as per the recent report, we still have as many as 363,265 users opting for it.

As for hackers, they are having a great time since it takes less than a second for them to hack into an account with “123456” set as a password.

2. “Admin”

You can’t get more vulnerable than this. “Admin” as a password can be hacked in less than a second, and not-so-surprisingly, a staggering 118,270 individuals are still using it.

3. “12345678”

Despite its vulnerability, a staggering 63,618 users still opt for this password, which can be cracked in less than a second.

4. “12345”

Selected by as many as 56,676 users, this password is susceptible to hacking in less than a second.

5. “Password”

Who would have thought that “password” is your “password.”

Well, you might think it is some genius password idea, but it takes less than a second for hackers to crack this. Interestingly, 52,334 users are still opting for it.

6. “Pass@123”

Adding a special symbol might appear foolproof but wait before we break it to you.

Despite adding the “complexity”, this password takes only 5 minutes to crack. And yet 49,958 users online continue to use it.

7. “123456789”

Again the numeric sequences!! Surprisingly common, this password is crackable in less than a second and is set by 41,403 users.

8. “Admin@123”

Most official tech departments use these extremely hackable common passwords.

Lists highlighting vulnerable passwords have flagged it many times and yet 22,646 users have chosen this password.

9. “India@123”

With moderate security, it takes hackers around 3 hours to crack “India@123” and has been chosen by 16,788 individuals.

10. “admin@123”

Just a minor capitalization variation from number 8 on this list, “admin@123” is again a commonly used password amongst Indian users.

This password can be hacked in 34 minutes. As per the report, 16,573 users opted for it.

Best Practices To Set Up a Strong Password

There is always a looming threat of using a password that anyone can easily predict. Here are some best practices that you can follow to set up a strong password –

Go for Complex combinations

To ensure you have a strong password, you need more characters and at least 20 is what most experts would suggest.

The ideal password should typically include uppercase, lowercase and special letters in combination.

What you should do is avoid using your name, birth date or any other recognisable personal identity detail in the password. This always makes passwords easy to crack.

Avoid Reusing Old Passwords

There are only so many new combinations that we can come up with, right?

And yet it is extremely important to avoid reusing your old passwords.

One of the most common ways hackers hack into your account is by attempting to break into using your password on every account linked to your name.

Try to Revisit Your Passwords

Just monthly prepare a routine and revisit your passwords.

Make sure you check your old passwords during this routine.

It is always suggested that you do this exercise for accounts you no longer use.

Use a Password Manager

While storing passwords in one Word or Excel file safely in a corner of your personal computer might seem convenient and safe, a password manager can perform this task with zero to minimal intervention.

It might not seem like a big task but it can be chaotic so, use the password manager that aids in selecting, storing, and retrieving complex combinations for your accounts.

FAQs

Q1. How do hackers guess a password?

Answer. Although there are multiple ways, brute force is a common method of password cracking.

It uses a bot to repeatedly guess random passwords until it finds the right one.

These bots can try hundreds of passwords a second – but they are more likely to guess passwords that include dictionary words (also known as a dictionary attack) or passwords that are short.

Q2. Can hackers crack into my Instagram account password?

Answer. Yes, Instagram hacking methods involve social engineering and malicious software, such as keyloggers and phishing tactics.

Third-party apps and compromised platforms can also be used to hack Instagram accounts.

Q3. What are some of the features of a strong password?

Answer. A strong password should have the following –

• At least 12 characters long but 14 or more is better.
• A combination of uppercase letters, lowercase letters, numbers, and symbols.
• Not a word that can be found in a dictionary or the name of a person, character, product, or organization.
• Significantly different from your previous passwords.

How to protect yourself online?

Use Two-Factor authentication everywhere, Multifactor authentication if available.

Password managers are also a secure option along with physical authentication FIDO key. Never use one password for multiple services, this is very common, probably because it’s a task to remember all passwords.

However, if one account gets compromised, you will lose access to other accounts as well.

How do hackers find out your password?

Hackers use multiple tools and methods to ‘crack’ your password.

Brute force is one such method where hackers would use automated scripted tools that try multiple passwords usually from a password list containing many words.

Then comes the more complex ‘Dictionary attack’, where hackers again use scripts for automation, lists of usernames and passwords available on the darknet or leaks, and run them on the login prompt.

Both these techniques are highly time-consuming. However, these common passwords can be broken in a matter of seconds.

While these techniques are remotely executed and very time-consuming, hackers have other ways to trick you into sharing your password.

Phishing, Malware, keyloggers and scam calls (social engineering), Man in the middle attack are a few of the common techniques used.

If you find your Instagram, Facebook, or Twitter passwords change one day, it might not be a hacker, it could be someone you know.

This is known as ‘Spidering’, where the threat actor, befriends the victim intimately in order to find out key details that people use to secure themselves, like your birth date, your pet’s name, your mother’s maiden name, or even your first school or phone number. These questions are commonly found in password recovery sections.

What are other password trends?

A look at the top 200 most commonly used passwords in India reveals the practice of using religious names and entities for online security.

Some commonly used passwords in this regard are krishna, sairam, omsairam, jaimatadi, saibaba, ganesh and more. Most of these can be compromised by threat actors within 2 minutes.

People in India also tend to use their names as passwords. Some examples of this include sachin, abhishek, rajesh, sandeep, sweety, ashish, manish, hariom, anjali, suresh, prakash and more. All of these, and other such passwords, can be broken into within half an hour, the report mentions.

Then there are phrases that people often like to use as passwords. iloveyou, goodluck, jaihanuman, success, rockstar, girlsrockz, pass@123, lucky123, Senti123 are some of these. If you use such a password too, know that it can be hacked into extremely easily by hackers.

How to know if my mobile is hacked?

If you suspect your mobile device might be hacked, watch out for unusual activities such as unexpected battery drain, slow performance, unfamiliar apps, or excessive data usage. Following are some of the things to be kept in mind –

Be wary of unauthorized access to accounts or unfamiliar charges. Check for strange pop-ups, messages, or calls.

Keep an eye out for unexplained changes in settings or security warnings can also be red flags.

Install a reputable antivirus app to scan for malware.

If you notice any unusual signs on your mobile, it’s crucial to run a security scan, update your software, and change your passwords immediately. Consulting a cybersecurity professional can provide further assistance and peace of mind.

What to do if your phone is hacked?

If you suspect your mobile phone has been hacked, here are some actions you can perform before getting professional help –

Turn off Wi-Fi and mobile data to prevent further unauthorized access. Immediately change passwords for email, social media, and banking accounts.

Use a reputable antivirus app to scan your device and remove malware. Ensure your phone’s operating system and apps are up-to-date to patch vulnerabilities.

Inform your mobile service provider about the hack for additional support.
Regularly monitor your accounts for suspicious activities and report unauthorized transactions immediately.

If the situation escalates, consult a cybersecurity expert or tech support for professional assistance.

How to prevent your phone from getting hacked?

To prevent phone hacks, update your device regularly, install reputable antivirus software, avoid clicking on suspicious links or downloads, use strong, unique passwords, enable two-factor authentication, and be cautious of public Wi-Fi.

Additionally, refrain from granting unnecessary app permissions, and stay vigilant against phishing attempts and suspicious messages or calls.

What can hackers get from my mobile if I click a link?

Clicking a malicious link can allow hackers to access sensitive data such as passwords, personal information, and financial details.

They may install malware, steal login credentials, control your device remotely, or even lock you out, demanding a ransom. Always exercise caution and verify the authenticity of links before clicking.

How to know my WhatsApp chat has end-to-end encryption?

All WhatsApp users should ensure that their chats are end-to-end encrypted.

To verify that a chat is end-to-end encrypted, open the chat > tap on the name of the contact to open the contact info screen > tap Encryption to view the QR code and 60-digit number.

WhatsApp end-to-end encryption ensures that only you and your contact can read the messages that are being exchanged and nobody in between, not even WhatsApp.

Can you recover a hacked WhatsApp?

In order to get back your hacked WhatsApp account, you need to log in again to WhatsApp with your phone number.

You will receive a six-digit verification code via SMS that WhatsApp reads and logs you in automatically.

What is an Acoustic Side-Channel Attack?

An acoustic side-channel attack uses sounds made by a keyboard during typing to decode exactly what is being typed. Utilising AI-driven malware or devices, it can reveal sensitive information like passwords and banking details.

How was the Acoustic Side-Channel Attack Experiment Conducted?

The experiment involved using a MacBook Pro and an iPhone 13 Mini to record keyboard sounds.

The recordings were then analysed by an AI program, which was able to deduce the keys pressed with astonishing accuracy.

What are the Implications of Acoustic Side-Channel Attacks?

This form of hacking could expose sensitive information like passwords and personal messages.

It goes beyond traditional visual hacking, affecting various keyboards and devices.

How Can I Protect Myself Against Acoustic Side-Channel Attacks?

Protection methods include altering your typing pattern, creating complex passwords with mixed characters, introducing background noise, and keeping your devices updated with regular security checks.

How long does it take to recover hacked Instagram?

The recovery process looks different for everyone, but you should expect this to take a couple of weeks on average (a minimum of 5-10 business days).

What to do if your are unable to log into your Instgram account?

If you think your account has been hacked or an attempt to hack your account has been made and you’re still able to log in, there are things you can do to help keep your account secure:

Change your password or send yourself a password reset email. Turn on two-factor authentication for additional security.

Confirm your phone number and email address in account settings are correct. Check Accounts Center and remove any linked accounts you don’t recognize.
Revoke access to any suspicious third-party apps.

How do hackers get passwords?

Phishing is one of the most common ways that hackers gain access to other people’s login data. Phishing emails often contain links that lead to fake websites designed to trick you into entering your password.

How do hackers get usernames?

The easiest and most common way that hackers get passwords is from data breaches, in which huge amounts of user data has already been leaked or stolen from companies.

This data, which often includes usernames and passwords, is compiled into databases and may be sold on the dark web or downloaded freely on forums.

Why do hackers take Instagram?

Most hackers do this immediately so they can keep control of your account for themselves. They may even hold your Instagram account for ransom and request bitcoin or other plunder for you to get it back.

If that’s the case, you’ll need to report the activity to Instagram by following the step-by-step instructions here.

Also Read: How to Check and Recover Your Hacked Facebook Account

Also Read: Worried if your Google account is hacked? Here’s a way to find out

Also Read: How to Protect Your Instagram Account From Hackers?

Also Read: Mobile Can be Hacked by Clicking Links: Find These Important Tips