Millions of people are still using easy to guess password “123456” and “qwerty” on sensitive accounts, according to a study.
The analysis conducted by the UK’s National Cyber Security Centre (NCSC) revealed the gaps in cyber knowledge that may leave people prone to exploitation.
The NCSC notes that people should use three random but memorable words together to use as a strong password. For its cyber-security survey, the NCSC analyzed the public database of accounts that have been breached in order to see which words, numbers, and phrases people used the most, according to a BBC report.
Topping the list was the password: 123456, which appeared more than 23 million times. It was followed by the string 123456789, which was clearly not that hard to crack. Other passwords in the top five included “qwerty”, “password”, and “1111111”.
The most common names that were used in passwords included Ashley, Michael, Daniel, Jessica, and Charlie, the report found.
Users also used Premier League football team names as their passwords. In terms of football team names used as a password, Liverpool is the champion with Chelsea closely following on the heels. Blink-182 topped the charts of music acts.
The people who use well-known words or names as their passwords put themselves at risk of being hacked, said Ian Levy, technical director of the NCSC
“Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favorite band,” he said.
Earlier this year, around 772 million email IDs were reported to be exposed in a collection of files uploaded to cloud service MEGA.
This data breach was first discovered by Microsoft’s regional director and researcher Troy Hunt who called it Collection #1. Troy, who runs a website called Have I Been Pwned–a way to check whether your own email or password has been compromised by a breach at any point, said the dump was “set of email addresses and passwords totaling 2,692,818,238 rows”. Also, in total, this adds up to “1,160,253,228 unique combinations of email addresses and passwords”.