Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP).
Have I Been Pwned allows users to search across multiple data breaches to see if their email address has been compromised.
The NCSC discovered that 23.2 million user accounts worldwide were using ‘123456’ as password, while 7.7 million users were using ‘123456789’.
This data is disconcerting and shows that we are far from to be secure even if security experts continue to warn users of cyber risks associated with the use of weak passwords.
Of course. the list of most-hacked passwords also includes other simple items like ‘qwerty’, ‘password’ and ‘1111111,’ in top five, a gift for the hackers.
The list of top breached passwords includes names, musicians, football team names, and fictional characters.
“The NCSC has also today published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches.” reads the post published by the NCSC.
“The results show a huge number of regularly used passwordsbreached to access sensitive information.”
Data reported by NCSC are aligned with findings from other similar studies conducted
Experts suggest the adoption of strong passwords and the usage of a unique password for every service they access. Passwords should contain at least 8 characters, upper and lower case letters, numbers, and symbols (i.e. %$#!.). Another good practice is the set up of multi-factor authentication wherever possible.
Below the key findings emerged from the survey:
“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable.” said Dr Ian Levy, NCSC Technical Director.
“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with somethisng that can be guessed, like their first name, local football team or favourite band.”
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.