If your passwords are based on your first name, birth date or a simple number sequence, you face a heightened risk of hacking and cyberattacks, according to data from Israel’s National Cyber Directorate. A new review of about 440,000 passwords belonging to Israelis that leaked onto the darknet paints a troubling picture of poor cybersecurity habits among the public.
Israelis, it turns out, are fond of numbers and cultural icons. The data shows that the most popular category of passwords in Israel, accounting for about 35%, consists of ascending number sequences such as “1234.”
In second place, also representing 35%, are passwords based on keyboard patterns, such as “1q2w3e.” Other common passwords include first names alone (10%), combinations of names and numbers (6%), and dates or years (6%).
Beyond the raw numbers, the study identified several cultural trends unique to Israelis, including the use of names of movie and pop culture heroes, soccer-related terms, military slang and even Russian curse words. Another common technique is typing Hebrew words while the keyboard is set to English, creating what appears to be a random string of characters but is actually easy for modern hacking tools to crack.
And if you thought Israelis were unique in this regard, not really. A look at Britain, the United States and China shows that password habits in Israel are not fundamentally different from those in other countries, though there are some interesting cultural distinctions.
In Britain, a study by the National Cyber Security Centre found that the most common passwords are “123456” and the word “password.” In the United States, reports by leading cybersecurity firms indicate that American sports teams and car brands are commonly used in passwords. In China, by contrast, there is widespread use of numbers considered lucky charms in local culture, such as the number 8, as well as the use of the Pinyin system to type Chinese words using Latin characters.
What all these countries share is the human tendency to choose passwords that are easy to remember, which also makes them easy for hacking software to guess by running millions of combinations per second.
From passwords to facial recognition
The need for passwords has accompanied humanity since ancient times as a form of identification at military gates. In the modern computing era, however, the story began in the 1960s at the Massachusetts Institute of Technology, where the option to protect files with a personal code was first introduced.
Over the years, as computer processing power increased, the simple password became an insignificant obstacle for hackers. This led to the development of more advanced solutions such as two-factor authentication and password managers, which allow users to avoid memorizing passwords by storing a secure encrypted database of complex and unique passwords for every site.
The latest technology today is passkeys, supported by tech giants including Google, Apple and Microsoft. The system eliminates the need to type passwords entirely and instead relies on biometric identification, such as fingerprint or facial recognition, through a personal device.
So how can you really protect yourself?
Israel’s National Cyber Directorate stresses that the main problem is not only password strength, but also the repeated use of the same password across multiple sites. Once one site is breached, all of a user’s accounts are put at risk.
To create a strong password that is still easy to remember, the directorate recommends using the initials of a personal sentence, for example, turning “I once lived on the 10th floor at 32 Ben Yehuda St. in Tel Aviv” into a complex string of characters — or incorporating a simple mathematical formula into a word.
Still, the unequivocal recommendation is to adopt two-factor authentication and use passkey technology wherever available, removing the human factor from the security equation. The hope is that the trend toward replacing traditional identity verification mechanisms with biometric authentication through computers and smartphones will continue, making passwords increasingly rare and obsolete.