A new report from the UK’s National Cyber Security Centre (NCSC) has revealed that, 30 years after the birth of the world wide web, huge numbers of people still use easily hackable passwords like ‘123456’ and ‘password’ for many of their major services.
The report drew on data from haveibeenpwned.com, a database of 550 million accounts exposed in data breaches.
Of those breached accounts, a staggering 23.2 million of them used ‘123456’ as their password, making them easy targets for hackers.
The next most popular password was ‘123456789’, with 7.7 million, followed by ‘qwerty’ (3.8m) and ‘password’ (3.5m).
Rounding out the top five was ‘1111111’, with 3.1 million breached accounts, and many of the top 100 most hacked passwords were variations on the ‘simple number sequence’ theme.
Slightly more creative, but also highly vulnerable to being hacked were various passwords that employed the names of people, bands and fictional characters.
When it came to names, ‘ashley’ was the name most likely to memorialised in a password, with 432,276 breached accounts using it.
Other password-worthy names included ‘michael’ (425,291), ‘daniel’ (368,227), ‘jessica’ (324,125) and ‘charlie’ (308,939).
For musicians, ‘blink182’ (285,706) and ‘50cent’ (191,153) led the pack, likely because they had the magical ingredient of having a number in the name, which would pass the requirements of many password systems.
Metal had its place, though, with ‘metallica’ and ‘slipknot’ both making the top five, and ‘eminem’ also slipped in there.
In addition to the report, the NCSC also released a text document containing the 100,000 most common passwords used on breached accounts.
It encouraged people to check if the passwords they used were on this list, and to change them if they were.
It said there was no real risk in making these passwords public.
“These passwords are already in the public domain,” said the NCSC in a blog post.
“By building awareness of how attackers use passwords obtained from breaches, we can make it harder for those attackers.”
If you want to know how long a computer would take to crack your password, you can check online using sites such as howsecureismypassword.net.
The top 20 most hacked passwords
Top 5 musicians
Top 5 names
Top 5 fictional characters