Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP).
Have I Been Pwned allows users to search across multiple data breaches to see if their email address has been compromised.
The NCSC discovered that 23.2 million user accounts worldwide were using ‘123456’ as password, while 7.7 million users were using ‘123456789’.
This data is disconcerting and shows that we are far from to be secure even if security experts continue to warn users of cyber risks associated with the use of weak passwords.
Of course. the list of most-hacked passwords also includes other simple items like ‘qwerty’, ‘password’ and ‘1111111,’ in top five, a gift for the hackers.
The list of top breached passwords includes names, musicians, football team names, and fictional characters.
“The NCSC has also today published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches.” reads the post published by the NCSC.
“The results show a huge number of regularly used passwordsbreached to access sensitive information.”
Data reported by NCSC are aligned with findings from other similar studies conducted
Experts suggest the adoption of strong passwords and the usage of a unique password for every service they access. Passwords should contain at least 8 characters, upper and lower case letters, numbers, and symbols (i.e. %$#!.). Another good practice is the set up of multi-factor authentication wherever possible.
Below the key findings emerged from the survey:
“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable.” said Dr Ian Levy, NCSC Technical Director.
“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with somethisng that can be guessed, like their first name, local football team or favourite band.”
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”