The notorious six-digit string continues to ‘reign supreme’ among the most-hacked passwords
An analysis of the 100,000 most-commonly re-occurring breached passwords confirms that ‘123456’ is the undisputed king of atrocious passwords.
Using data from Have I Been Pwned (HIBP), a website that allows users to check if their email addresses or passwords have appeared in a known data breach, the United Kingdom’s National Cyber Security Centre (NCSC) has found that 23.2 million user accounts worldwide were “secured” with ‘123456’. Its close, and similarly poor, relative, ‘123456789’, was used 7.7 million times, leaving the door just as wide open for cybercriminals. Other stalwarts among the most common passwords – ‘qwerty’, ‘password’ and ‘1111111’ – rounded out the top five.
And perhaps just as unsurprisingly, many of the most-hacked passwords were made up of names, soccer teams, musicians, and fictional characters. Some of the most popular choices each appeared in hundreds of thousands of passwords.
Source: NCSC
The NCSC made available the entire list of the 100,000 most commonly re-occurring passwords for breached user accounts. Overall, the NCSC’s findings may well bring echoes of other analyses of the most commonly re-occurring passwords. As we also reported late in 2018 and 12 months earlier, studies conducted annually by password security company SplashData produced very similar results.
At any rate, if any of your passwords appears on the NCSC’s list, you would be very well advised to change it post-haste, and perhaps use some of our guidance for picking passwords or passphrases that are both strong and unique. You can also use our how-to guide to check on HIBP if any of your online accounts may have been the victim of a known breach.
Setting up multi-factor authentication wherever possible will add an extra layer of security in exchange for very little effort.
Attitudes
Alongside the password risk list, the NCSC also published the results of its first ‘UK Cyber Survey’, which sought to find out more about people’s awareness of, and attitudes towards, cybersecurity.
The survey, which gathered input from more than 2,500 people in the UK between November 2018 and January of this year, found that only 15% say they know “a great deal” about how to protect themselves from harmful cyber-activity. Most (68%) said that they know “a fair amount”.
More than two-thirds of the respondents believe that they will likely fall victim to at least one type of cybercrime over the next two years. The most prevalent concern was money being stolen, as 42% fear that this is likely to happen by 2021.
In order to learn more about the concerns of the US public about cybercrime, you may want to read our recent blog post about the ESET Cybersecurity Barometer. We have also published a parallel report for Canada.