That's what makes you hackable: Please, baby. Stop using 'onedirection' as a password

And other moronic choices

One Direction on 'Good Morning America' in Central Park on November 26, 2013 in New York City
Bad music, worse password (JStone / Shutterstock)

Newsflash: Not only do people still suck at passwords, but they also have diabolical music taste.

Among a number of eye-popping choices, research by NordPass – a password manager from the folk behind NordVPN – discovered that at least 30,388 people, presumably 12-year-old pop fans at the time of signup, use "onedirection" as their password.

For the blissfully ignorant, One Direction – or 1D if you're cool – were a fluffy-haired boyband who finished third in the 2010 series of the UK's X Factor, signed to pop doyen Simon Cowell's record label and, contrary to all reason, conquered the globe with nauseating, unoriginal tripe like "What Makes You Beautiful".

Normies really need to start reading The Register because we continually find ourselves having to explain why this kind of behaviour is precisely what makes you hackable.

But strap in – we're just getting started. Fans of ludicrous displays have an unfortunate tendency to go with their favourite ball-kicking teams, with 41,272 choosing "liverpool" as their password and 40,499 opting for "chelsea".

Among comic book nerds, Superman had the upper hand with 56,113 taking the musclebound Kryptonian's alter ego as their password, according to NordPass, compared to just 37,973 Batmans guarding the gates to online accounts.

Meanwhile, in Pakistan, 41,798 folk thought that the name of their homeland would suffice to keep their web haunts locked down.

The main takeaway is that despite heaps of expert advice not to do this, the average netizen continues to think that the password field is a great place to represent their personal interests.

Such info is easily scraped from social media – another good reason not to shout too loudly about your life online – then set to work in brute-force attacks, where hackers simply throw the most popular passwords against a wall to see what sticks with the help of purpose-built software.

In December, NordPass compiled the 200 most popular passwords from a study carried out by independent researchers, who asked to stay anonymous. They sifted through a database of 500 million passwords leaked in various data breaches and hacks during 2019 (12345 still ruled with 2,812,220 instances). NordPass has now put together a cheat sheet on the worst kind of trends that people should avoid when setting up online accounts.

  1. Easy-to-guess number combinations (12345, 111111, and 123321)
  2. Strings of letters forming a horizontal or vertical line on the QWERTY keyboard (asdfghjkl, qazwsx, 1qaz2wsx)
  3. "password" and all combinations of it (Password1, password1)
  4. Popular female names (Nicole, Jessica, Hannah)
  5. Positive, happy words (iloveyou, princess, sunshine, family)
  6. Favorite sports or sports team (soccer, Liverpool)
  7. Favorite music group (onedirection)
  8. Name of the service or device they're using (facebook, samsung)
  9. Swear words
  10. Admin-type passwords (computer, test1, welcome)
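
A signup-time check for most of the trends on that cheat sheet, as an added example that is not NordPass's or The Register's code. The function names, the reason labels and the small word set (only the passwords quoted in this article) are assumptions for illustration, and the swear-word category is left out because the article lists no examples.

```python
"""Flag candidate passwords that follow the cheat-sheet trends (added example)."""

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]
# Every horizontal and vertical keyboard line, read in both directions.
LINES = [s for line in ROWS + COLS for s in (line, line[::-1])]

# Constructed sample: only names and words quoted in the article.
# A real deployment would load a full breached-password list instead.
COMMON_WORDS = {
    "nicole", "jessica", "hannah", "iloveyou", "princess", "sunshine",
    "family", "soccer", "liverpool", "chelsea", "onedirection", "superman",
    "batman", "pakistan", "computer", "test1", "welcome",
}

LEET = str.maketrans("@0$3", "aose")  # undo the usual character swaps


def is_keyboard_walk(pw, min_seg=3):
    """True if pw splits entirely into runs (>= min_seg chars) along keyboard lines."""
    # reach[i] is True when pw[:i] can be covered by such runs.
    reach = [True] + [False] * len(pw)
    for i in range(len(pw)):
        if reach[i]:
            for j in range(i + min_seg, len(pw) + 1):
                if any(pw[i:j] in line for line in LINES):
                    reach[j] = True
    return len(pw) >= min_seg and reach[-1]


def weak_password_reasons(password, service_name=""):
    """Return the cheat-sheet trends a candidate password matches (empty list if none)."""
    pw = password.lower()
    reasons = []
    if pw.isdigit():
        reasons.append("digits only")
    if is_keyboard_walk(pw):
        reasons.append("keyboard walk")
    if "password" in pw.translate(LEET):
        reasons.append("variant of 'password'")
    if service_name and service_name.lower() in pw:
        reasons.append("contains service name")
    if pw in COMMON_WORDS:
        reasons.append("common word or name")
    return reasons


if __name__ == "__main__":
    for candidate in ["12345", "1qaz2wsx", "P@ssw0rd", "onedirection", "D7xN$%4uO@S0"]:
        print(candidate, "->", weak_password_reasons(candidate, "facebook") or "no match")
```

An empty list only means none of these trends matched; it says nothing about whether the password has already appeared in a breach.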

Chad Hammond, a "security expert" at NordPass, commented: "Often, people don't put too much thought into creating strong passwords. They think it's hard to guess a password or that a common person is not attractive to hackers. Reality is different. Everyone has accounts and information that are of some value to attackers. 'Password guessing,' or brute-force attack is an automated, common, and effective method to hack people's passwords."

Making a secure password is easy-peasy too, if only people knew. There's a huge market for password managers – software that does the hard work generating and storing them for you – and NordPass is far from the only game in town. Whether it's LastPass, 1Password, Dashlane or more, most have a free option. So if Google got you here through the "One Direction" hook, tell your parents, your kids, your partners to knock that P@ssw0rd shit off and register with one.

Fortunately, this hack's favourite band is D7xN$%4uO@S0 – strong password-themed harsh noise from Samoa. Good luck hacking us, cybercrooks! ®


Biting the hand that feeds IT © 1998–2020