A recent report by the UK’s National Cyber Security Centre (NCSC) shows that millions of us are using passwords, on sensitive accounts, that are almost laughably easy to crack. The NCSC analysed passwords found in public databases of previously breached accounts to see which passwords occurred most frequently. In 2018, when the last review was reported on, the most popular password on breached accounts was ‘123456’, and the same password topped the league of cracked passwords again this year: it appeared in more than 23 million breached passwords!
Other passwords, not quite as popular but included in the top 5, were ‘123456789’ (slightly harder to crack because of its greater length but still not much of a challenge), ‘password’, ‘qwerty’ and ‘1111111’.
Some people with breached accounts used names, including ‘Ashley’ (the most frequent), ‘Michael’ and ‘Daniel’. Names are easy to guess, particularly if they are family names. Other categories of breached password identified in the report include Premier League football teams (Liverpool top this one), musicians (blink182 being the most popular) and fictional characters (Superman being far and away the most popular).
Co-author of the NCSC report, Troy Hunt, said “Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people to create a more secure online presence”.
A 2015 report, ‘Password Guidance’, published by the information security arm of GCHQ (CESG) and the Centre for the Protection of National Infrastructure, provided a number of hints for businesses on how to create secure passwords. The key hint, and the one most relevant to individuals, was to ‘Change all default passwords’.