Millions of people use ‘123456’ as password, says UK study

Millions of people are still today using simple password like ‘123456’ and ‘qwerty’ on critical accounts that could leave them vulnerable, a study by the UK-based National Cyber Security Centre (NCSC) has revealed.

According to the study, people should use combine three random but memorable words together to use as a strong password.

This is the first cyber study from NCSC and the centre analysed public databases of breached accounts to see which words, phrases and strings people use the most.

‘123456 topped the list, appearing in over 23 million password strings. 123456789 was the second-most popular string – a number not much harder to crack. Others that were included in the top five are ‘qwerty,’ ‘password’ and ‘1111111,’ the study revealed.

Apart from this, other most commonly used names in passwords are Ashley, Michael, followed by Daniel, Jessica and Charlie. And when it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second. Blink-182 topped the charts of music acts.

According to Ian Levy, Technical Director of the NCSC, people who mostly use well-known words or names for a password put themselves in danger of being exploited.

“Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” Levy added.

The NCSC study also quizzed people about their security habits and fears and found nearly 42 per cent expected to lose money to online fraud and only 15 per cent said they felt confident that they knew enough to protect themselves online.

‘Picking a good password was the ‘single biggest control’ people had over their online security,’ said Troy Hunt, a security expert who maintains a database of hacked account data.

‘We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them,’ Troy said.