More than 23 million people have used the world's most hackable password
Nicole Bogart, CTVNews.ca
Published Monday, April 22, 2019 11:29AM EDT
Last Updated Monday, April 22, 2019 11:51AM EDT
Millions of web users have ignored the advice of security professionals, using easily hackable and insecure passwords such as "123456" and "password" to protect their online accounts.
Despite annual warnings on the dangers of weak passwords, 23.2 million user accounts hacked worldwide used the password “123456,” according to data provided to the U.K. government’s National Cyber Security Centre (NCSC).
The six-digit login has topped the list of the worst passwords since 2011.
Surprisingly, 7.7 million users opted for the longer but equally insecure “123456789,” while 3.8 million chose the alphabetical sequence “qwerty” for their password.
The analysis, which profiles the most commonly recurring passwords used by hackers in global cyber breaches, was compiled by the security website Have I Been Pwned, run by security expert Troy Hunt. The passwords included in the data have been tracked since the website began recording data breaches in 2013.
The U.K.’s NCSC published the data alongside its U.K. Cyber Survey, which showed that 42 per cent of Brits are expected to lose money to online fraud thanks to a lack of security knowledge.
“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable,” said NCSC Technical Director Dr. Ian Levy in a statement.
“Password re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.”
Other vulnerable passwords include “password” and “1111111.”
According to the NCSC, the list of passwords is already available in the public domain for hackers and non-hackers alike to access, making it an important learning opportunity.
“Making good password choices is the single biggest control consumers have over their own personal security posture,” Hunt said in a statement issued Sunday.
“Recognizing the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”
How to create a strong password
As indicated by the latest data, the no. 1 mistake users make when creating a password is sticking to popularly used, simple passwords. Another common error: Using the same password across multiple sites.
“We recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password,” explained Levy.
According to experts, passwords that use eight to ten upper- and lower-case letters mixed with numbers are proven to be more secure. When choosing numbers to add to your password, be sure not to use anything that is easily identifiable, such as your address or date of birth.
As Hunt writes in his popular security blog, “the only secure password is the one you can’t remember.”
The expert regularly recommends users invest in a password manager, such as LastPass or 1Password, which helps defend against cyber criminals by generating complicated, encrypted passwords for your online accounts. The only thing you need to worry about is creating one secure master password for the manager itself.