A sidequest in the video game Fallout 4 has the player character going to the Boston Public Library to clear out monsters. Because the library is closed, one of the dialogue options is a speech check – a difficulty-based option dependent upon the player’s stats, earning them experience points if successful – to guess the password of a city employee and gain entry without having to pick the lock or find another entrance. The password in question? 123456. The employee? The Mayor.
Now, obviously this is a bit of a joke in the game, and a simple mechanic to shift the dynamics of the mission. Making the check also allows the player to enter without the security robots becoming hostile, since they are evidently an employee. The joke, of course, is that high-ranking employees have simple passwords.
A report published yesterday by Comparitech broke down the most common passwords from 2025, and the results are disheartening, to say the least, from the perspective of someone in cybersecurity. The researchers conducting the study collected more than 2 billion real account passwords leaked on data breach forums, and found that the top ten most used ones were some variation of consecutive numbers, ‘admin’, and even just ‘password’. Extend that to the top 20, and it gets worse. Two of the entries were ‘111111’ and ‘1111’.
These days, it can be safely assumed that everyone knows a strong password is best. Some sites require special characters to be included when making accounts, or require a password to be over a certain length. Some set time limits on passwords, making the user create a new one periodically. Two-factor authentication is an additional layer of security, to ‘prove’ the user is who they say they are. But it’s apparent that many, many people are not following these protocols. 123456 took the top spot as most common within the dataset, with over 7.6 million instances. And sure, there’s room to consider that, on average, people don’t actually use this as a password and the data is biased. But the bias is that these accounts are all ones that were successfully hacked, thereby making the point that consecutive numbers do not a strong password make.
And it’s not just accounts like email or Amazon or Netflix. How many stories have we heard of nurses trying to get into medical records and using the password written on a sticky note on the back of the monitor? Not to mention, smart machines like televisions, refrigerators and home security are password protected. Allegedly. Recently, a friend of mine was able to fix their doctor’s scale by guessing the password. It was 0000, probably the default from the manufacturer that was never changed.
Most experts recommend a password at least 12 characters long. The longer it is, the lower the chances of it being cracked. Having a mix of upper- and lower-case letters, numbers and special characters increases the security as well. The best option is to create one that you’ll remember, to have several variations of it for different accounts, and to set your browser to delete all data upon closing. Yes, it means manually logging back in to everything, every time. And it’s not completely foolproof, since keylogger malware exists. But it is decidedly safer than using a default or something simple. This is how I do it, and I’ve never been hacked. Not once. Now, go make sure yours is strong enough.
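A small checker for the weak patterns this post names (runs of consecutive characters, one repeated character, ‘admin’ and ‘password’, and anything under 12 characters), added here as an illustration and not taken from the post or the Comparitech report; the function names and reason labels are assumptions. It also shows that a password can satisfy the length and character-mix rules and still be built on a common word.

```python
import string

COMMON_WORDS = ("admin", "password")  # words the post names from the leaked set
MIN_LENGTH = 12                       # minimum length the post recommends
ALL_CLASSES = {"lower", "upper", "digit", "special"}

def is_single_repeated_char(pw):
    """True for passwords such as '111111', '1111' or '0000'."""
    return len(pw) > 0 and len(set(pw)) == 1

def is_sequential(pw):
    """True when each character steps by +1 or -1, e.g. '123456' or '654321'."""
    if len(pw) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(pw, pw[1:])}
    return steps in ({1}, {-1})

def character_classes(pw):
    """Return which of the four character classes appear in pw."""
    found = set()
    for ch in pw:
        if ch.islower():
            found.add("lower")
        elif ch.isupper():
            found.add("upper")
        elif ch.isdigit():
            found.add("digit")
        elif not ch.isalnum():
            found.add("special")
    return found

def weak_reasons(pw):
    """List every reason pw is weak; an empty list means no check fired."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("short")
    if is_single_repeated_char(pw):
        reasons.append("repeated")
    if is_sequential(pw):
        reasons.append("sequential")
    # Strip leading/trailing digits and symbols so 'Password123!' still matches.
    if pw.lower().strip(string.digits + string.punctuation) in COMMON_WORDS:
        reasons.append("common-word")
    missing = ALL_CLASSES - character_classes(pw)
    if missing:
        reasons.append("missing:" + ",".join(sorted(missing)))
    return reasons

if __name__ == "__main__":
    for sample in ("123456", "0000", "admin", "Password123!"):  # constructed inputs
        print(sample, weak_reasons(sample))
```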
Posted on LinkedIn, 11/7/25