The Hasso Plattner Institute (HPI) has been warning about the risks of weak passwords for years, and every year it produces a ranking of the most commonly used passwords.
Passwords are digital keys to online accounts and our personal data – but the growing number of online accounts tempts many to choose weak passwords and/or use the same password for several accounts at once. Both entail considerable risks, because simple character and number combinations are very easy to crack, and with increasing digitalization, criminals have faster and more sophisticated tools at their disposal to obtain personal data.
Billion-dollar business with personal data
“The theft and trade of personal data has long been a billion-dollar business, and rapidly advancing digitalization is constantly opening up new and faster attack opportunities for attackers. Lax handling of passwords is dangerous,” warns Professor Christoph Meinel, Managing Director of the Hasso Plattner Institute (HPI). When choosing a password, he says, security must take precedence over convenience, and everyone must consider the possible consequences if the password falls into the wrong hands.
Even if there is no 100 percent protection against attacks on the Internet, personal data should definitely be protected as best as possible. This includes choosing long individual and complex passwords and regularly checking whether personal data is affected, as can be done, for example, free of charge with the help of the Identity Leak Checker from the Hasso Plattner Institute (HPI).
103960 evaluated access data
The Hasso Plattner Institute (HPI) has been warning about the risks of weak passwords for many years and produces an annual ranking to raise awareness of cyber risks among the general public. Since 2014, it has offered the Identity Leak Checker, a free online service that allows anyone to easily check whether personal data related to their email address is circulating on the Internet.
The Identity Leak Checker also forms the data basis for the most frequently used passwords of Germans, which the HPI publishes every year. This year, 103960 access data from the HPI Identity Leak Checker dataset were evaluated for this purpose, registered to e-mail addresses with .de domains and imported into the service with plaintext passwords in 2022. A total of 299 data leaks were entered into the Identity Leak Checker this year, containing around 85 million identities.
Top ten German passwords in 2022
The Identity Leak Checker
It is very easy to check whether you yourself have been the victim of data theft with the Identity Leak Checker, an online security check from the Hasso Plattner Institute (HPI). Since 2014, every Internet user has been able to check free of charge whether their identity data is circulating freely on the Internet and could be misused by entering their e-mail address at https://sec.hpi.de/ilc. The security researchers make it possible to compare the data with more than 12.8 billion identity data that have been stolen and are now available on the Internet. The focus is on leaks involving German users. The service is unique in Germany.
In recent years, more than 17.2 million users have had the security of their data checked with the help of the Identity Leak Checker. In more than 4.5 million cases, users had to be informed that their e-mail address was openly accessible on the Internet in conjunction with other personal data.
Special offer for companies and organisations
Identity Leak Checker Desktop Client is a paid offering for companies and organizations to help them continuously monitor their own domain(s). When new data leaks are imported into the ILC, the Desktop Client automatically checks whether email addresses of the monitored domain(s) are affected. The affected email address(es) can then be alerted immediately. For more information about the offer, please visit: https://sec.hpi.de/ilc/.