Despite repeated warnings from online security experts advising against the use of easy-to-crack passwords, it seems some many folks still can’t be bothered to think up a more complex string of characters to protect their accounts.
A recent study by the U.K.’s National Cyber Security Center (NCSC) that looked at public databases of breached accounts confirms that for many people, simple passwords are still a thing, with 23.2 million accounts globally using “123456” — the most common string on the list.
Perhaps not surprisingly, second is “123456789,” while others include “password”, “1111111,” and “qwerty.”
The NCSC collaborated with Australian online security expert Troy Hunt — known for his Have I Been Pwned site — to learn more about the kinds of passwords that some people are using to protect their accounts.
You can explore Hunt’s database yourself to find how many times simple passwords (or your own) have showed up in lists of accounts caught up in security breaches. For example, enter “zxcvbnm” (the letters appearing on the bottom row of a keyboard), and you’ll see that the password has showed up in data breaches more than 575,000 times.
On his site, Hunt offers some advice on how you can better protect yourself online. While not using “123456” as a password would certainly be a good start, Hunt suggests using a password manager app such as 1Password. Digital Trends has an article featuring the best password manager apps currently available.
Hunt also suggests using two-factor authentication with sites and apps that offer it, to give yourself an extra layer of protection against hackers. Finally, you can subscribe to his “notify me” service, which automatically sends you a notification if your email address appears on a list of hacked data, prompting you to reset your password.
“Making good password choices is the single biggest control consumers have over their own personal security posture,” Hunt told the NCSC. “We typically haven’t done a very good job of that either as individuals or as the organizations asking us to register with them.”
He added: “Recognizing the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”