{"id":54593,"date":"2023-11-20T02:33:12","date_gmt":"2023-11-20T02:33:12","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/"},"modified":"2023-11-20T02:33:12","modified_gmt":"2023-11-20T02:33:12","slug":"your-password-hygiene-remains-atrocious-says-nordpass","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/","title":{"rendered":"Your password hygiene remains atrocious, says NordPass"},"content":{"rendered":"<p><span class=\"label\">Infosec in brief<\/span> It&#8217;s that time of year again \u2013 NordPass has released its annual list of the most common passwords. And while it seems some of you took last year&#8217;s chiding to heart, most of you arguably swapped bad for worse.<\/p>\n<p>Password manager vendor NordPass, which is well aware of the poor quality of passwords, <a href=\"https:\/\/nordpass.com\/most-common-passwords-list\/\" rel=\"nofollow\">reported<\/a> that <a href=\"https:\/\/www.theregister.com\/2022\/11\/25\/infosec_roundup\/\">last year&#8217;s<\/a> top password flop \u2013 &#8220;password&#8221; \u2013 fell to number seven, but previous leaders remain in the top spots.&nbsp;<\/p>\n<p>&#8220;123456&#8221; ranked the most popular across the globe, followed by &#8220;admin,&#8221; the oh-so secure &#8220;12345678,&#8221; and its cousin &#8220;123456789.&#8221; Strings of sequential numbers starting with the number one from four to ten characters were generally high on the list, as was UNKNOWN, which actually stood out from the group &#8211; most passwords NordPass ranked could be cracked in under a second, but UNKNOWN would require a full 17 minutes.&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>If you want to get local about things, NordPass customers in the US seem more likley to use generic passwords, with only one truly unique one \u2013 &#8220;shitbird&#8221; \u2013 in the top 20. UK residents prefer to show their team pride, with &#8220;liverpool,&#8221; &#8220;arsenal,&#8221; &#8220;chelsea,&#8221; and the more-generic &#8220;football&#8221; all in the top 20, along with &#8220;cheese&#8221; and &#8220;dragon.&#8221;&nbsp;<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>According to NordPass, streaming platforms seem to be relegated to the bottom of the password priority list for most users, with users adopting particularly poor passwords compared to other credential categories it catalogs.&nbsp;<\/p>\n<p>As we seemingly need to remind you every year, longer passwords are always better, as are ones that combine upper and lower-case characters with numbers and symbols. For best results, use a password generator that can give you a long, random string that&#8217;s harder to guess than 123456 \u2013 or even UNKNOWN, for that matter.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>And for the love of your IT team&#8217;s sanity, don&#8217;t reuse passwords. Get yourself a good password manager, too \u2013 be it NordPass or some other one. Just use something. Please.&nbsp;<\/p>\n<div class=\"boxout\" readability=\"24.183712852181\">\n<h3 class=\"crosshead\">Critical vulnerabilities: A sticky week for Siemens<\/h3>\n<p>Remember the quintet of Juniper firewall vulnerabilities we reported in September that, individually, were all quite low risk but combined into a CVSS 9.8 that gave attackers the ability to remotely execute code on vulnerable devices? Well, now they&#8217;re being <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2023\/11\/13\/cisa-adds-six-known-exploited-vulnerabilities-catalog\" rel=\"nofollow\">exploited in the wild<\/a>, says CISA. Get patching.&nbsp;<\/p>\n<p>The CVSS 9.8 vulnerability in SysAid helpdesk software we <a href=\"https:\/\/www.theregister.com\/2023\/11\/09\/moveit_cybercriminals_behind_latest_sysaid\/\">reported<\/a> earlier this month has also been added to CISA&#8217;s known exploited vulnerabilities database (in the same alert as the Juniper ones), so be sure those patches are installed, too.&nbsp;<\/p>\n<p>Otherwise, most of the big vulnerabilities of the week were covered in this month&#8217;s <a href=\"https:\/\/www.theregister.com\/2023\/11\/15\/november_2023_patch_tuesday\/\">Patch Tuesday roundup<\/a>, but companies running lots of Siemens products better still pay attention to this list of ones we didn&#8217;t include:&nbsp;<\/p>\n<ul>\n<li>CVSS 10.0 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-01\" rel=\"nofollow\">Multiple CVEs<\/a>: The firmware in several Red Lion Sixnet Remote Terminal Units are failing to challenge TCP\/IP traffic, enabling RCE attacks.<\/li>\n<li>CVSS 9.8 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-09\" rel=\"nofollow\">Multiple CVEs<\/a>: All versions of Siemens COMOS software contain 16 vulnerabilities that could allow RCE, DoS, data infiltration, and access control violations.<\/li>\n<li>CVSS 9.8 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-10\" rel=\"nofollow\">Multiple CVEs<\/a>: Siemens SIPROTEC 4 7SJ66 control and monitoring devices running software prior to v4.41 are vulnerable to a series of exploits that could cause DoS, RCE, etc.<\/li>\n<li>CVSS 9.8 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-12\" rel=\"nofollow\">Multiple CVEs<\/a>: Siemens SINEC PNI software prior to v2.0, used to initialized Siemens devices on a network, is improperly validating input and vulnerable to OOB write.<\/li>\n<li>CVSS 9.8 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-13\" rel=\"nofollow\">Multiple CVEs<\/a>: Siemens SIMATIC MV500 optical reader software versions prior to v3.3.5 are at risk for DoS, RCE, and privilege escalation thanks to a series of vulnerabilties.<\/li>\n<li>CVSS 9.1 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-03\" rel=\"nofollow\">Multiple CVEs<\/a>: Several versions of Siemens Desigo CC software are vulnerable to heap-based buffer overflows and buffer over-read, enabling RCE attacks and DoS.<\/li>\n<li>CVSS 9.1 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-08\" rel=\"nofollow\">Multiple CVEs<\/a>: Several series of Siemens Scalance switches running software prior to version 4.5 are vulnerable to a bunch of exploits that could give an attacker near total control over devices.<\/li>\n<li>CVSS 8.4 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-05\" rel=\"nofollow\">CVE-2022-47522<\/a>: Siemens Scalance W700-series WAPs are improperly validating input, allowing attackers to steal sessions and disclose information.<\/li>\n<li>CVSS 8.1 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-14\" rel=\"nofollow\">Multiple CVEs<\/a>: Siemens Ruggedcom APE1808 devices are improperly validating input and are vulnerable to SQL injection attacks.<\/li>\n<li>CVSS 8.0 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-320-06\" rel=\"nofollow\">Multiple CVEs<\/a>: Siemens SIMATIC PCS neo versions prior to 4.1 are rife with vulnerabilities that can lead to an attacker generating privileged tokens, executing SQL statements, and the like.<\/li>\n<\/ul>\n<\/div>\n<h3 class=\"crosshead\">FCC cracks down on SIM swap, port-out scams with new rules<\/h3>\n<p>The US Federal Communications Commission has enacted rules to combat the growing security risks of Subscriber Information Module (SIM) swapping and port-out fraud.&nbsp;<\/p>\n<p>In a <a href=\"https:\/\/docs.fcc.gov\/public\/attachments\/FCC-23-95A2.pdf\" rel=\"nofollow\">report and order<\/a> [PDF] adopted Wednesday, the FCC declared it would begin requiring wireless providers to &#8220;use secure methods of authenticating customers prior to performing SIM changes and number ports&#8221; \u2013 one method of which would entail notifying customers in some other manner of a SIM change or port-out request. Telcos will also be required to give customers the option to block SIM swaps and ports on their accounts, and provide notice to all customers of such protections.<\/p>\n<p>Wireless providers will also have to adopt processes for responding to failed authentication requests (so be sure you don&#8217;t forget that account PIN), make it easier for customers to report SIM and port-out fraud, and require providers to keep records of all SIM change requests and the methods they use to authenticate users.<\/p>\n<h3 class=\"crosshead\">New ransomware targets vulnerability you should have patched years ago<\/h3>\n<p>CISA, the FBI and the Multi-State Information Sharing and Analysis Center are warning that a new(ish) ransomware strain known as Rhysida is active, persistent and relying on some well-established vulnerabilities to break into weak networks.&nbsp;<\/p>\n<p><a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-319a\" rel=\"nofollow\">Rhysida<\/a>, first spotted in May, mostly targets the education, healthcare, manufacturing, IT and government sectors \u2013 critical ones, in other words \u2013 and once in a network lives off the land and <a href=\"https:\/\/www.theregister.com\/2022\/10\/09\/extortion_ransomware_threats_category\/\">double-extorts<\/a> victims.&nbsp;<\/p>\n<p>As is often the case, the criminals behind Rhysida aren&#8217;t turning to cutting edge, zero-day vulnerabilities to compromise networks. They&#8217;re attacking opportunistically and relying on old exploits like <a href=\"https:\/\/www.cisa.gov\/news-events\/cybersecurity-advisories\/aa23-319a\" rel=\"nofollow\">ZeroLogon<\/a> \u2013 a vulnerability in Microsoft&#8217;s Netlogon discovered and patched in 2020. If you haven&#8217;t patched that yet, first things first: Why? Second, get it <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-US\/vulnerability\/CVE-2020-1472\" rel=\"nofollow\">done<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" id=\"story_eagle_xsm_sm_md_xmd_lg_xlg\" data-pos=\"mid\" data-raptor=\"eagle\" data-xsm=\",mpu,dmpu,\" data-sm=\",mpu,dmpu,\" data-md=\",mpu,dmpu,\" data-xmd=\",mpu,dmpu,\" data-lg=\",mpu,dmpu,\" data-xlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Along with targeting very well known vulnerabilities, Rhysida&#8217;s controllers are leveraging other external-facing remote services, particularly VPN access points at organizations not using MFA by default. Phishing is also being used to trick victims into installing the malicious kit.&nbsp;\u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2023\/11\/20\/your_password_hygiene_is_still\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ALSO: FCC cracks down on SIM-swap scams, old ZeroLogon targeted by new ransomware, and critical vulnerabilities Infosec in brief\u00a0 It&#8217;s that time of year again \u2013 NordPass has released its annual list of the most common passwords. And while it seems some of you took last year&#8217;s chiding to heart, most of you arguably swapped bad for worse.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-54593","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Your password hygiene remains atrocious, says NordPass 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Your password hygiene remains atrocious, says NordPass 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-20T02:33:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Your password hygiene remains atrocious, says NordPass\",\"datePublished\":\"2023-11-20T02:33:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/\"},\"wordCount\":1062,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/\",\"name\":\"Your password hygiene remains atrocious, says NordPass 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2023-11-20T02:33:12+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/your-password-hygiene-remains-atrocious-says-nordpass\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Your password hygiene remains atrocious, says NordPass\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Your password hygiene remains atrocious, says NordPass 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/","og_locale":"en_US","og_type":"article","og_title":"Your password hygiene remains atrocious, says NordPass 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-11-20T02:33:12+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Your password hygiene remains atrocious, says NordPass","datePublished":"2023-11-20T02:33:12+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/"},"wordCount":1062,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/","url":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/","name":"Your password hygiene remains atrocious, says NordPass 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-11-20T02:33:12+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZVs8zR0ycJ9xKjEX7Y4TaAAAAAM&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/your-password-hygiene-remains-atrocious-says-nordpass\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Your password hygiene remains atrocious, says NordPass"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54593","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54593"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54593\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54593"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54593"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54593"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}