Skip to main content

Online passwords: Research confirms millions of people are using 123456

Despite repeated warnings from online security experts advising against the use of easy-to-crack passwords, it seems some many folks still can’t be bothered to think up a more complex string of characters to protect their accounts.

A recent study by the U.K.’s National Cyber Security Center (NCSC) that looked at public databases of breached accounts confirms that for many people, simple passwords are still a thing, with 23.2 million accounts globally using “123456” — the most common string on the list.

Perhaps not surprisingly, second is “123456789,” while others include “password”, “1111111,” and “qwerty.”

The NCSC collaborated with Australian online security expert Troy Hunt — known for his Have I Been Pwned site — to learn more about the kinds of passwords that some people are using to protect their accounts.

You can explore Hunt’s database yourself to find how many times simple passwords (or your own) have showed up in lists of accounts caught up in security breaches. For example, enter “zxcvbnm” (the letters appearing on the bottom row of a keyboard), and you’ll see that the password has showed up in data breaches more than 575,000 times.

On his site, Hunt offers some advice on how you can better protect yourself online. While not using “123456” as a password would certainly be a good start, Hunt suggests using a password manager app such as 1Password. Digital Trends has an article featuring the best password manager apps currently available.

Hunt also suggests using two-factor authentication with sites and apps that offer it, to give yourself an extra layer of protection against hackers. Finally, you can subscribe to his “notify me” service, which automatically sends you a notification if your email address appears on a list of hacked data, prompting you to reset your password.

“Making good password choices is the single biggest control consumers have over their own personal security posture,” Hunt told the NCSC. “We typically haven’t done a very good job of that either as individuals or as the organizations asking us to register with them.”

He added: “Recognizing the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”

Editors' Recommendations

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
These embarrassing passwords got celebrities hacked
dt10 language and tech motorola razr v3 paris hilton

One thing that celebrities have in common with everyday people is that they are also susceptible to cybersecurity breaches. Many public figures have had their private and public tech accounts hacked over the years and these attacks have often been due to them simply having weak passwords that were easy for bad actors to figure out.

Socialites, actors, politicians, and even prominent tech figures are guilty of lazy password practices, and falling victim to cybercrime that has compromised their passwords.
President Donald Trump

Read more
Hackers may have stolen the master key to another password manager
keepass master password plain text vulnerability open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
No, 1Password wasn’t hacked – here’s what really happened
A person using the 1Password password manager on a laptop while sat on a couch.

Password managers have been struggling with security breaches in recent months, with LastPass suffering a particularly bad hack as a notable example. So when 1Password users got an alert last week saying their Secret Keys and passwords had been changed without their knowledge, they were understandably panicked. Luckily, all was not what it seemed.

That’s because AgileBits, the company behind 1Password, has just explained exactly what went wrong during that event. And while it wasn’t as bad as everyone first thought, it still doesn’t paint AgileBits in a particularly good light.

Read more