
Online passwords: Research confirms millions of people are using 123456

Despite repeated warnings from online security experts advising against the use of easy-to-crack passwords, it seems many folks still can’t be bothered to think up a more complex string of characters to protect their accounts.

A recent study by the U.K.’s National Cyber Security Center (NCSC) that looked at public databases of breached accounts confirms that for many people, simple passwords are still a thing, with 23.2 million accounts globally using “123456” — the most common string on the list.

Perhaps not surprisingly, second is “123456789,” while others include “password,” “1111111,” and “qwerty.”

The NCSC collaborated with Australian online security expert Troy Hunt — known for his Have I Been Pwned site — to learn more about the kinds of passwords that some people are using to protect their accounts.

You can explore Hunt’s database yourself to find how many times simple passwords (or your own) have shown up in lists of accounts caught up in security breaches. For example, enter “zxcvbnm” (the letters appearing on the bottom row of a keyboard), and you’ll see that the password has shown up in data breaches more than 575,000 times.

On his site, Hunt offers some advice on how you can better protect yourself online. While not using “123456” as a password would certainly be a good start, Hunt suggests using a password manager app such as 1Password. Digital Trends has an article featuring the best password manager apps currently available.

Hunt also suggests using two-factor authentication with sites and apps that offer it, to give yourself an extra layer of protection against hackers. Finally, you can subscribe to his “notify me” service, which automatically sends you a notification if your email address appears on a list of hacked data, prompting you to reset your password.

“Making good password choices is the single biggest control consumers have over their own personal security posture,” Hunt told the NCSC. “We typically haven’t done a very good job of that either as individuals or as the organizations asking us to register with them.”

He added: “Recognizing the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”


Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…