Right now, somewhere in the world, a handful of people are probably logging into their email or Facebook accounts with the password password—or, worst of all, 123456. These are bad ideas for obvious reasons, but you might be surprised by some of the commonly used passwords that are considered insecure. Topping SplashData’s list of the worst passwords of 2018 were zaq1zaq1, merlin, and, ironically, trustno1.
As Gizmodo reports, there’s another example of what not to use as your password that didn’t appear on SplashData’s list: ji32k7au4a83. One might assume that this alphabet-soup password would be difficult for hackers to guess, but the problem is that the series of letters and numbers isn't random at all.
That’s because the Chinese symbols for “my password” end up becoming ji32k7au4a83 when they’re transliterated using a phonetic system called Zhuyin Fuhao—also known as Bopomofo. Unlike mainland China, which uses pinyin (a way of “Romanizing” Chinese characters), the Zhuyin keyboard is primarily used in Taiwan. Essentially, the character for M ends up being ji3, the character for Y becomes 2k7, and so on, until “my password” is spelled out. (If that seems confusing, Gizmodo has a more in-depth explanation of how it works here.)
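The keystroke mapping described above can be checked mechanically. The following is an added example, not code from the article or from Gizmodo: it decodes a string as keystrokes on the standard (Daqian) Zhuyin keyboard layout, which is assumed here, so a password-policy check can flag strings that only look random. The function names and the sample list are constructed for illustration.

```python
# Added example. Key tables follow the standard (Daqian) Zhuyin keyboard
# layout, which is an assumption: the article does not name the layout.
INITIALS = dict(zip("1qaz2wsxedcrfv5tgbyhn", "ㄅㄆㄇㄈㄉㄊㄋㄌㄍㄎㄏㄐㄑㄒㄓㄔㄕㄖㄗㄘㄙ"))
MEDIALS = dict(zip("ujm", "ㄧㄨㄩ"))
FINALS = dict(zip("8ik,9ol.0p;/-", "ㄚㄛㄜㄝㄞㄟㄠㄡㄢㄣㄤㄥㄦ"))
# Tone keys end a syllable. The first tone is typed with the space bar and is
# not handled here, so only syllables with an explicit tone key are accepted.
TONES = {"6": "ˊ", "3": "ˇ", "4": "ˋ", "7": "˙"}


def decode_zhuyin_keys(typed):
    """Return the Bopomofo syllables spelled by `typed`, or None if any
    character does not fit the [initial][medial][final] + tone pattern.
    This is a structural check only; it does not validate pronunciation."""
    syllables, i = [], 0
    while i < len(typed):
        symbols = ""
        for table in (INITIALS, MEDIALS, FINALS):  # each part is optional
            if i < len(typed) and typed[i] in table:
                symbols += table[typed[i]]
                i += 1
        if not symbols or i >= len(typed) or typed[i] not in TONES:
            return None
        syllables.append(symbols + TONES[typed[i]])
        i += 1
    return syllables


def flag_transliterated(candidates, min_syllables=2):
    """Map each candidate that decodes cleanly to its Bopomofo reading."""
    flagged = {}
    for candidate in candidates:
        syllables = decode_zhuyin_keys(candidate)
        if syllables and len(syllables) >= min_syllables:
            flagged[candidate] = " ".join(syllables)
    return flagged


if __name__ == "__main__":
    # Constructed sample: strings quoted in the article plus one made-up value.
    sample = ["ji32k7au4a83", "zaq1zaq1", "trustno1", "123456", "x7Qp2vL9"]
    for password, reading in flag_transliterated(sample).items():
        print(password, "->", reading)
```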
According to data breach repository Have I Been Pwned, this jumbled password popped up over 100 times in various breaches. In other words, the problem of picking easy-to-guess passwords isn’t limited to the West.
Even if you don’t speak Mandarin, it doesn’t hurt to double check that your passwords are safe and secure. It’s recommended that users create a unique password for each account (and a password manager can help you keep them all straight). Long passwords composed of nonsense phrases, numbers, symbols, and uppercase letters also tend to fare better—and whatever you do, don’t make your password qwerty.