There is a truism among security experts, IT professionals, and the like which holds that systems are generally only as secure as their weakest link or their dumbest user. Many of the worst and highest-profile hacks, intellectual property thefts, systems intrusions, and data breaches that you read about are often made possible by making people fall for one of the oldest tricks in the hacker’s playbook — convincing people to click on a link or a message that they should instead avoid like the plague.

The same extends to the security protections that we end-users put on everything from applications and software that we use, to hardware like our computers and smartphones. A good example of this, and where many people fall short maybe without even realizing it, is in the iPhone passcode they choose to lock their device with (or the Android smartphone passcode, as the case may be).

The following list of some of the most easily guessable passcodes was recently published again after security expert Tarah Wheeler revealed them first back in 2019 — noting, at the time, that almost 30% of all iPhones that are cracked are locked with one of these 20 passcodes. Needless to say, if you use one of these, change it right now:


I’m no information security professional, but one of the things about that list that immediately jumps out at me is the fact that here we are in 2021, when most people are well accustomed to using mobile devices by now, and the most popular password people are using to lock their phone is still one that’s so bad it should be illegal. If you can’t be bothered to set a passcode that’s a bit stronger than literally the dumbest passcode on earth, then at least take advantage of Face ID or Touch ID on your iPhone (or the equivalent face and fingerprint unlock settings on your Android device) so that you don’t have to bother thinking up a password and can just use the much more secure physical feature that belongs only to you.

If you want to dive deeper into this topic of terrible and easy-to-guess passcodes and passwords, NordPass recently published its rundown of the 200 worst passwords of 2020. It’s a great list to check out, because it not only identifies the terrible passwords but how many times they’ve been exposed, and how long it would take to crack them.

Here’s the list from NordPass. Unfortunately, the #1 and #2 worst passwords of 2020 were variants on that old, idiotic chestnut: “123456,” and “123456789,” respectively. By the way, it takes less than a single second to crack either of those, so if one of those is your current passcode, you might as well just go ahead and give your phone to the nearest hacker and save everyone the effort.
Read More