Millions of people still use 123456 as their password


Posts: 6,658   +59
Staff member

The report by the UK's National Cyber Security Centre (NCSC) analyzed passwords found in public databases of breached accounts to find out popular words, phrases, and strings. It appears that the worst password of 2018—123456—remains the most popular, appearing in more than 23 million passwords.

The second-most popular string was the equally bad 123456789, while the other top five entries include "qwerty," "password," and 1111111.

People’s names are still commonly used as passwords, the most popular being Ashley, followed by Michael, Daniel, Jessica and Charlie. And when it comes to using band names, Blink182 is the most common, followed by 50cent. Superman, meanwhile, is the most popular fictional character name used as a password.

The report was put together in collaboration with Troy Hunt, the Australian security researcher responsible for the Have I Been Pwned website, which reveals if your email addresses or passwords appear in data breaches.

Most users know that it’s inadvisable to reuse the same credentials across multiple websites—even Mark Zuckerberg is thought to have been guilty of this practice in the past. Remembering multiple passwords isn’t easy, of course, so the best solution is to use a password manager such as LastPass. It’s also advisable to enable two-factor authentication wherever possible, but the most important thing is to not use terrible passwords.

“Making good password choices is the single biggest control consumers have over their own personal security posture. We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them,” said Hunt.

“Recognizing the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”

Permalink to story.



Posts: 624   +246
The people who use such passwords should not open accounts in the first place or they should quit internet for good....


Posts: 314   +232
You know this really makes me feel better about myself. I some times worry that my 12-16 passwords aren't good enough. The answer is yes they are.
Why do websites allow people to use such passwords in the first place?? They can tell me if I have not used a capital letter, numbers, or symbols, so why do they still allow people to use such blindingly obvious passwords???


Posts: 2,260   +1,750
So millions are lazy and don't care about their online security might as well just walk around with a shirt that says hack me here is all my info.


Posts: 17   +16
It's so much easier to just use a password manager for all these throwaway accounts... It's even easier than using a crap password for all the pointless account creation requests.


Posts: 318   +163
There are still so many sites that insist on you having an account with them just so they can spam you. It is hardly surprising that people don't bother with secure passwords, what's the potential loss? Less spam cluttering up your junk email folder?