Each year the password manager company NordPass does a study of the worst passwords commonly used. These easily discerned passwords make their users particularly vulnerable to identity theft. These passwords become available to identity thieves through data breaches and can be found on the Dark Web, that part of the Internet where criminals buy and sell goods and services. According to NordPass in 2020 the top ten most common and easily cracked passwords were in order: 123456, 123456789, picture1, password, 12345678, 111111, 123123, 12345, 1234567890 and senha.  Senha is the Portugese word for “password.”  Some other popular and weak passwords that didn’t make the top ten include: iloveyou, pokemon, unknown, monkey, princess, superman, soccer and letmein. All of these are tremendously poor passwords that can result in your easily becoming a victim of identity theft.

We all have many devices and online accounts that require a password. While it is always a good idea to use dual factor authentication and other security enhancements when available, a good, strong password is still at the core of protecting yourself in the digital world. Unfortunately, too many people use common passwords that are too easy for an identity thief to guess and this can lead to identity theft. In addition, many people use the same password for each of their online accounts which puts them in jeopardy when a data breach at just one place provides the password to all of his or her accounts to a cybercriminal.


This list represents another warning that you should have a unique and distinct password for each of your online accounts.  This is not as difficult as it may appear.  You can start with a strong base password constructed from a phrase, such as IDon’tLikePasswords. Add a few symbols like !!! and then adapt it for each account you have so that you will have a secure and easy to remember password for each of your online accounts.   Thus, your Amazon password could be IDon’tLikePasswords!!!AMA.

Password managers which will create and store unique passwords for each of your accounts are also a good option.

Whenever possible use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your cell phone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.

For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.”  Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.

If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and click on the tab that states “Sign up for this blog.”