The State of Account Security in India
India ranks among the top 5 countries globally for compromised credentials. The 2021 MobiKwik breach exposed 100 million users. The 2020 BigBasket breach exposed 20 million users. The 2023 CoWIN data leak exposed vaccine registration data for millions. In every case, the breach originated from a compromised database — but weak passwords made individual accounts far easier to crack after the breach.
The Most Common Indian Passwords (from breach data)
- Names + birth year: Rahul1990, Priya2000, Amit1985
- Mobile numbers: 9876543210, 8123456789
- Simple sequences: 123456, 123456789, password123
- Cricket-related: Dhoni7, Kohli18, ipl2024
- God names: krishna1, shiva108, ganesh1
Every password on this list can be cracked in under 1 second by modern tools. If your password follows any of these patterns, change it today.
The Three Rules That Actually Matter
- Rule 1: Unique password for every account. When a site is breached, attackers try your leaked password on every other site (credential stuffing). One reused password can compromise dozens of accounts.
- Rule 2: 16+ characters using mixed types. Length is the single most important factor. A 16-character mixed password takes longer to crack than the universe has existed.
- Rule 3: Use a password manager. You cannot memorise 50 unique strong passwords. A password manager (Bitwarden is free) generates and stores them for you.
Enable 2FA on These Accounts First
| Account Type | Priority | Best 2FA Method |
|---|
| Email (Gmail, Outlook) | 🔴 Critical | Authenticator app |
| Banking/UPI apps | 🔴 Critical | Built-in (MPIN) |
| Social media | 🟡 High | Authenticator app |
| Work accounts | 🟡 High | Authenticator app |
| Shopping (Amazon, Flipkart) | 🟢 Medium | OTP is sufficient |
💡 Use the ToolsCourt Password Generator to create strong passwords instantly. Generate 10 at once, copy to your password manager, and you are done.