A new report from the UK’s National Cyber Security Centre (NCSC) has revealed that, 30 years after the birth of the World Wide Web, huge numbers of people still use easily hackable passwords like ‘123456’ and ‘password’ for many of their online accounts.
The report drew on data from haveibeenpwned.com, a database of 550 million accounts exposed in data breaches. Of those breached accounts, a staggering 23.2 million used ‘123456’ as their password, making them easy targets for hackers. The next most popular password was ‘123456789’, with 7.7 million, followed by ‘qwerty’ (3.8m) and ‘password’ (3.5m). Rounding out the top five was ‘1111111’, with 3.1 million breached accounts, and many of the top 100 most hacked passwords were variations on the ‘simple number sequence’ theme.
Slightly more creative, but also highly vulnerable to being hacked, were various passwords that employed the names of people, bands and fictional characters. Musicians such as ‘blink182’ and ‘50cent’ led the pack, likely because they had the magical ingredient of having a number in the name, which would pass the requirements of many password systems.
A strong password is your first line of online defence. These simple tips can help make your passwords as strong as possible, which will help ensure your online security and prevent fraud and/or identity theft, a serious crime.
- Make your password long. The longer and more complex your password is, the longer it takes to crack. Passwords that are three characters long take less than 1 second to crack.
- Use a nonsense phrase. If your letter combinations are not in the dictionary, your phrases are not in published literature, and none of it is grammatically correct, they will be harder to crack.
- Include numbers, symbols, uppercase and lowercase letters. Having a mixture of these in your password will further ensure it is hard for hackers to crack. Some websites even make this a requirement.
- Avoid using sequential characters. These include runs of numbers, runs of the alphabet, and adjacent keyboard letters (e.g. qwerty). See the list at the end for more examples.
- Avoid using obvious personal information. Information about you that is easily discoverable – such as birthday, anniversary, address, city of birth, high school, and relatives’ and pets’ names – only makes your password easier to guess.
- Do not reuse passwords. If your account is compromised and you use the same email address and password combination across multiple sites, a hacker can easily access your other accounts.
- Keep your password safe. Don’t give your passwords to anyone else. Don’t type your password in plain sight of other people. And DO NOT put your password on a sticky note on your work computer.
- Change your passwords regularly. The more sensitive your information is (e.g. banking, shopping), the more often you should change your password. Once it is changed, do not use that password again for a very long time.
Is your current password on this list of the 100,000 most common passwords used on breached accounts? It might be time to think up a unique new password if the answer is yes!
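The tips above can also be checked automatically when a password is chosen. The Python below is an added example, not part of the original article or the NCSC report: the blocklist is a constructed sample holding only the passwords named in this article, and the function names, the 12-character minimum and the 4-character run length are assumptions.

```python
import re

# Constructed sample blocklist: only the passwords named in this article.
# A real check would load the full 100,000-entry list instead.
BLOCKLIST = {"123456", "123456789", "qwerty", "password", "1111111",
             "blink182", "50cent"}
# Digit run, alphabet run and the three letter rows of a QWERTY keyboard.
SEQUENCES = ["0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]
CLASSES = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
MIN_LENGTH = 12  # assumption: the article only says "long"
RUN_LENGTH = 4   # assumption: flag 4 or more sequential characters


def has_sequence(pw, n=RUN_LENGTH):
    """True if pw contains n adjacent characters of a known sequence,
    read forwards or backwards."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            if any(s[i:i + n] in low for i in range(len(s) - n + 1)):
                return True
    return False


def check_password(pw, personal=()):
    """Return the list of tips the password breaks; empty means it passed.
    `personal` holds strings the user should avoid (names, birth year...)."""
    problems = []
    low = pw.lower()
    if low in BLOCKLIST:
        problems.append("common")           # on the breached-password list
    if len(pw) < MIN_LENGTH:
        problems.append("short")
    if has_sequence(pw):
        problems.append("sequence")         # e.g. 1234, qwer, dcba
    if re.search(r"(.)\1{3,}", pw):
        problems.append("repeated")         # same character 4+ times in a row
    if any(p and p.lower() in low for p in personal):
        problems.append("personal")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing-classes")  # lacks lower/upper/digit/symbol
    return problems
```

‘blink182’ contains a number and so satisfies a "must include a digit" rule, but it is still flagged here because it appears on the blocklist.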