The Information System Authority (RIA) revealed in its yearbook the 12 most common passwords in use in Estonia, noting that the U.S. National Institute of Standards and Technology (NIST) now recommends using longer passwords and two-factor authentication wherever possible.
According to CERT-EE, the 12 most common passwords in use by Estonian accounts are:
- lammas ("sheep")
- minaise ("I myself")
- maasikas ("strawberry")
- kallis ("dear")
- armastus ("love")
- lollakas ("stupid")
Password recommendations that had been in place for the past 15 years were updated last year, the RIA noted in its yearbook.
"The U.S. standards agency NIST replaced guidelines that had been in place since 2003, according to which a secure password included a combination of uppercase and lowercase letters, numbers and special characters," the agency noted. "The reason for the change is simple: the requirements are too complicated, and their effectiveness is questionable. The new recommendations set more realistic expecations of users and put more emphasis on a service design that supports the security of its user data. The gist of the recommendations is simple: passwords must be long, and sites should enable two-factor authentication."
Two-factor authentication has long been available with services such as Google and various social media platforms, but remains unpopular. For example, under ten percent of users of various Google services have adopted two-factor authentication since its introduction in 2011.
Estonia's 15 years of experience with ID cards and their newer alternatives, Mobile ID and Smart-ID, has seen better results, but these are still not in universal use. For example, three quarters of users who log into the state online portal eesti.ee use their ID cards or Mobile ID to log in securely; the remaining users, however, still rely on bank links for authentication, primarily using password cards, which are currently in the process of being phased out in Estonia.
Editor: Aili Vahtla