Guessing​

• Believe it or not, a lot of breaches start from a password being guessed. ​
• Default passwords for devices and software are well known and included on these lists!​
• Tools that can be used to scrape social media or websites for keywords to use and then substitute and add variations are used to generate more targeted lists​
• Be mindful of social media data when setting password reminders or security questions – and if that information is out there on the web​
• Password Managers can be used to generate long, unique, and complex random strings to use for account passwords, making it near-impossible for a password to be guessed. Use a random passphrase when a password manager is unable to be used​
•  

• There are many sites that list the most commonly used passwords:​
• Password, Password123, Password1!​
• 123456, 12345678, abc123,​
• Qwerty, qwerty123!​
• Football, baseball, monkey, iloveyou​
• “SeasonYEARSpecial“​
• Summer2023!​
• Fall2023!​
• Winter2023@​