Online passwords: Research confirms millions of people are using 123456

Despite repeated warnings from online security experts advising against the use of easy-to-crack passwords, it seems many folks still can’t be bothered to think up a more complex string of characters to protect their accounts.

A recent study by the U.K.’s National Cyber Security Center (NCSC) that looked at public databases of breached accounts confirms that for many people, simple passwords are still a thing, with 23.2 million accounts globally using “123456” — the most common string on the list.

Perhaps not surprisingly, second is “123456789,” while others include “password,” “1111111,” and “qwerty.”

The NCSC collaborated with Australian online security expert Troy Hunt — known for his Have I Been Pwned site — to learn more about the kinds of passwords that some people are using to protect their accounts.

You can explore Hunt’s database yourself to find out how many times simple passwords (or your own) have shown up in lists of accounts caught up in security breaches. For example, enter “zxcvbnm” (the letters appearing on the bottom row of a keyboard), and you’ll see that the password has shown up in data breaches more than 575,000 times.

On his site, Hunt offers some advice on how you can better protect yourself online. While not using “123456” as a password would certainly be a good start, Hunt suggests using a password manager app such as 1Password. Digital Trends has an article featuring the best password manager apps currently available.

Hunt also suggests using two-factor authentication with sites and apps that offer it, to give yourself an extra layer of protection against hackers. Finally, you can subscribe to his “notify me” service, which automatically sends you a notification if your email address appears on a list of hacked data, prompting you to reset your password.

“Making good password choices is the single biggest control consumers have over their own personal security posture,” Hunt told the NCSC. “We typically haven’t done a very good job of that either as individuals or as the organizations asking us to register with them.”

He added: “Recognizing the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”

Trevor Mogg
Contributing Editor