Are you guilty of using a terrible password? Study shows millions still use ‘123456’

In this June 16, 2013 file photo, Internet users browse their Facebook website by the free wifi internet service in an underground station in Hong Kong. (AP Photo/Kin Cheung, File)

Do you use “123456” or “qwerty” as a password for any of your online accounts? If the answer is yes, you should change it immediately.

A new report from the U.K. government’s National Cyber Security Centre (NSCS) says despite advice from cyber security professionals, millions of people continue to use easily-hackable passwords for their online accounts.

In fact, according to the report, 23.2 million people worldwide who had their accounts hacked were still using the password “123456.”

Included in the NSCS report is a data set from Have I Been Pwned, by international web security expert, Troy Hunt, which lists the top 100,000 passwords that have been accessed by third parties in global cyber breaches.

Story continues below advertisement

The NSCS says if a password you use is on the list, you should change it immediately.

According to the data, the top five passwords revealed in data breaches are:

  1. 123456 (23.2 million users)
  2. 123456789 (7.7 million users)
  3. qwerty (3.8 million users)
  4. password (3.6 million users)
  5. 111111 (3.1 million users)

WATCH: CyberNB expects 1,000 more cyber security jobs to open up over the next 5 years

Click to play video: 'CyberNB expects 1,000 more cybersecurity jobs to open up over the next 5 years'
CyberNB expects 1,000 more cybersecurity jobs to open up over the next 5 years

Also topping the list of commonly-used passwords were the names Ashley, Michael and Daniel, the names of fictional characters Superman, Naruto and Tigger, band names including Blink182, 50Cent and Eminem and the names of Premier League football teams Liverpool, Chelsea and Arsenal.

“Making good password choices is the single biggest control consumers have over their own personal security posture,” Hunt said in a statement. “Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”

Story continues below advertisement

Cyber security confusion

The study also surveyed 1,350 UK citizens, and found that only 15 per cent of respondents felt they knew a great deal about protecting themselves from harmful activity online, with 46 per cent of respondents agreeing that information about how to be secure online is ‘confusing.’

According to the report, 50 per cent of respondents said that cyber security is a ‘very high priority’ and 30 per cent said it was a ‘fairly high priority.’ Less than half, however, said they do not always use a strong, separate password for their main email account.

The report also found the most regular concern among respondents was money fraud, with 42 per cent expecting it to happen to them by 2021.

“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable,” Dr. Ian Levy, NCSC technical director, said in a statement.

“Password re-use is a major risk that can be avoided — nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” he said.

Story continues below advertisement

According to the NSCS, individuals should use a strong, separate password for each online account, and can create a strong password by stringing together three random words using numbers and symbols.

Sponsored content