DayFR Euro

The 2024 list of worst passwords is here, and it (unfortunately) surprises no one

They are based on leaked password databases, which creates a huge bias: simple passwords are over-represented compared to complex passwords in these databases, because in most cases what is stolen is a database of hashed and salted passwords, and therefore it is necessary to carry out a dictionary or brute-force attack to find the corresponding passwords… an attack which will therefore only find the simple and common passwords present in the dictionary used (or very short ones in the case of brute force).

Listing the most common passwords actually has almost no point, other than allowing NordPass to make a name for itself by publishing the study.

What would be much more interesting is to study the ratio of broken hashes to total leaked hashes, and see if this ratio tends to decline over time.

No, not if the site correctly implements good security practices: we no longer hash without a salt, and we even avoid hashing with a static salt.
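The selection bias and the recovered-to-leaked ratio discussed above can be shown in a small simulation. This is an added example, not part of the original page: the password population, the wordlist and the PBKDF2 parameters are all constructed for illustration.

```python
import hashlib
import os
from collections import Counter

# Constructed population: password -> number of accounts using it.
# The most common password here is a strong one, not "123456".
POPULATION = {"123456": 5, "password": 3, "qwerty": 2,
              "T9#vLq2!xPz8": 4, "correct-horse-battery-7": 6}
# Constructed audit wordlist: only short, common candidates.
WORDLIST = ["123456", "password", "qwerty", "letmein"]

def hash_pw(password, salt):
    # Low iteration count so the demo runs quickly (assumption, not a recommendation).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

def build_leak(population):
    """Simulate a leaked table of (per-account salt, hash); no plaintext is kept."""
    leak = []
    for pw, count in population.items():
        for _ in range(count):
            salt = os.urandom(16)
            leak.append((salt, hash_pw(pw, salt)))
    return leak

def audit(leak, wordlist):
    """Count which wordlist entries match. Each salt forces a separate hash per record."""
    recovered = Counter()
    for salt, digest in leak:
        for candidate in wordlist:
            if hash_pw(candidate, salt) == digest:
                recovered[candidate] += 1
                break
    return recovered

def recovered_ratio(leak, recovered):
    """Share of leaked hashes that were matched: the metric proposed above."""
    return sum(recovered.values()) / len(leak)

if __name__ == "__main__":
    leak = build_leak(POPULATION)
    recovered = audit(leak, WORDLIST)
    print("true most common:     ", max(POPULATION, key=POPULATION.get))
    print("published 'top' entry:", recovered.most_common(1)[0][0])
    print("recovered ratio:      ", recovered_ratio(leak, recovered))
```

The ranking built from recovered passwords contains only wordlist entries, while the recovered ratio reflects how much of the whole population resisted the audit.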
