Password hygiene has not improved much when compared to data we analyzed in 2015. Apparently, the list of worst passwords doesn’t change from year to year, with users continuing to use weak passwords for their accounts.
New statistics reveal that millions of people who have been hacked continue to use extremely simple passwords. The statistics come from a detailed breach analysis conducted on behalf of the UK’s National Cyber Security Centre (NCSC).
Millions of Users Continue to Use the World’s Weakest Password
Data taken from the Have I Been Pwned service reveals that more than 23 million people who were hacked use the 123456 password. Next on the list are the 123456789 password, used by 7.7 million users, and the infamous qwerty password, used by 3.8 million individuals.
Here’s a list of the 10 most-frequently used passwords by hack victims:
1. 123456
2. 123456789
3. qwerty
4. password
5. 111111
6. 12345678
7. abc123
8. 1234567
9. password1
10. 12345
If this list looks very familiar to you, it may be because the list of the 25 worst passwords in 2015 looked almost the same. More curious still, the 2015 list didn’t differ much from the lists SplashData had made in previous years. For instance, the two most common passwords that are usually at the top of ‘worst’ lists – 123456 and password – continue to hold the top positions each year.
The 2016 LinkedIn data breach also revealed similar bad password habits. Here are the top 10 passwords accompanied by the number of users that utilized them:
1. 123456 – 753,305
2. linkedin – 172,523
3. password – 144,458
4. 123456789 – 94,314
5. 12345678 – 63,769
6. 111111 – 57,210
7. 1234567 – 49,652
8. sunshine – 39,118
9. qwerty – 37,538
10. 654321 – 33,854
Perhaps the best way to secure your passwords is the most obvious one – change your passwords frequently and use combinations of letters, numbers, symbols, and upper-case characters. Complex and long passwords make it difficult for attackers to carry out brute-force attacks. Note that if your credentials have been compromised in a data breach, don’t recycle your old password. Make sure to create brand new passwords, following the tips above.
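As an added example (not code from the NCSC, Have I Been Pwned or the article), here is how a sign-up or password-change form could enforce the advice above by screening a proposed password against breach data using the hash-prefix range lookup that Have I Been Pwned's Pwned Passwords service offers. Assumptions: the server side is simulated locally from the LinkedIn counts listed above so the code runs offline, the function names are hypothetical, and the 12-character minimum is an assumed policy value.

```python
import hashlib

# Constructed sample corpus: the LinkedIn top-10 passwords and counts listed above.
BREACH_CORPUS = {
    "123456": 753305, "linkedin": 172523, "password": 144458,
    "123456789": 94314, "12345678": 63769, "111111": 57210,
    "1234567": 49652, "sunshine": 39118, "qwerty": 37538, "654321": 33854,
}
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def sha1_upper(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def range_response(prefix, corpus=BREACH_CORPUS):
    """Local stand-in for the range endpoint: 'SUFFIX:COUNT' lines for one prefix."""
    hashes = ((sha1_upper(pw), n) for pw, n in corpus.items())
    return "\r\n".join(f"{h[5:]}:{n}" for h, n in hashes if h.startswith(prefix))


def breach_count(password, fetch_range=range_response):
    """Client side: only the first 5 hex characters of the hash are sent out."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


def screen_new_password(new, old=None):
    """Return the reasons to reject a proposed password (empty list = accept)."""
    problems = []
    if len(new) < MIN_LENGTH:
        problems.append("too short")
    if old is not None and new == old:
        problems.append("reuses old password")
    seen = breach_count(new)
    if seen:
        problems.append(f"seen {seen} times in breach data")
    return problems


if __name__ == "__main__":
    for pw in ("123456", "sunshine", "maple-ferry-quartz-19"):
        print(pw, screen_new_password(pw))
```

In production, `fetch_range` would be replaced by an HTTPS request for the five-character prefix, so the full hash and the password itself never leave the client.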
As for the state of security in 2019, the NCSC also conducted its first UK Cyber Survey, which revealed the following facts:
Only 15% say they know a great deal about how to protect themselves from harmful activity;
The most regular concern is money being stolen – with 42% feeling it likely to happen by 2021;
89% use the internet to make online purchases – with 39% on a weekly basis;
One in three rely to some extent on friends and family for help on cyber security;
Young people more likely to be privacy conscious and careful of what details they share online;
61% of internet users check social media daily, but 21% report they never look at social media;
70% always use PINs and passwords for smart phones and tablets;
Less than half do not always use a strong, separate password for their main email account.