Do you use “123456” or “qwerty” as a password for any of your online accounts? If the answer is yes, you should change it immediately.
A new report from the U.K. government’s National Cyber Security Centre (NSCS) says despite advice from cyber security professionals, millions of people continue to use easily-hackable passwords for their online accounts.
In fact, according to the report, 23.2 million people worldwide who had their accounts hacked were still using the password “123456.”
Included in the NSCS report is a data set from Have I Been Pwned, by international web security expert, Troy Hunt, which lists the top 100,000 passwords that have been accessed by third parties in global cyber breaches.
The NSCS says if a password you use is on the list, you should change it immediately.
According to the data, the top five passwords revealed in data breaches are:
- 123456 (23.2 million users)
- 123456789 (7.7 million users)
- qwerty (3.8 million users)
- password (3.6 million users)
- 111111 (3.1 million users)
Get daily National news
WATCH: CyberNB expects 1,000 more cyber security jobs to open up over the next 5 years
Also topping the list of commonly-used passwords were the names Ashley, Michael and Daniel, the names of fictional characters Superman, Naruto and Tigger, band names including Blink182, 50Cent and Eminem and the names of Premier League football teams Liverpool, Chelsea and Arsenal.
“Making good password choices is the single biggest control consumers have over their own personal security posture,” Hunt said in a statement. “Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”
Cyber security confusion
The study also surveyed 1,350 UK citizens, and found that only 15 per cent of respondents felt they knew a great deal about protecting themselves from harmful activity online, with 46 per cent of respondents agreeing that information about how to be secure online is ‘confusing.’
- Mohamed Al-Fayed, whose son died with Princess Diana, accused of multiple rapes
- 12-year-old shoots, kills black bear attacking his dad in Wisconsin
- Yellowstone Park tourist burns leg after going off trail near Old Faithful
- Hezbollah chief says Israel crossed ‘red lines’ with exploding device attacks
-
![]()
Booby-trapped two-way radios used in 2nd round of deadly coordinated attacks in Lebanon -
![]()
Portugal wildfires: Emergency services pushed to limit as reinforcements arrive -
![]()
Lebanon pager attack: World leaders say blasts pose ‘serious risk of dramatic escalation’ -
![]()
Sean ‘Diddy’ Combs to fight charges with ‘all of his energy’
According to the report, 50 per cent of respondents said that cyber security is a ‘very high priority’ and 30 per cent said it was a ‘fairly high priority.’ Less than half, however, said they do not always use a strong, separate password for their main email account.
The report also found the most regular concern among respondents was money fraud, with 42 per cent expecting it to happen to them by 2021.
“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable,” Dr. Ian Levy, NCSC technical director, said in a statement.
“Password re-use is a major risk that can be avoided — nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” he said.
According to the NSCS, individuals should use a strong, separate password for each online account, and can create a strong password by stringing together three random words using numbers and symbols.
Comments