Listen, I get it: passwords are difficult to remember, and crafting a new one every time you're ordered to reset it is, frankly, an annoying waste of your boundless creativity. But a list of the most hacked passwords published today by the National Cyber Security Centre (NCSC) really puts the entire population of the internet to shame. 23.2 million of us are still using "123456" in 2019? Internet, let's gather together, join hands, and vow to do better.
The NCSC analysed the 100,000 passwords at the top of the "global password risk list": the passwords most commonly accessed by hackers in data breaches, and used to obtain protected information. And yes, right at the top is "123456" — followed by "123456789", which occurred 7.7 million times in the data breaches analysed. Next up was "querty," used 3.8 million times, followed by "password" with 3.6 million occurances. In fifth place was "1111111," used 3.1 million times. At least "password" is only in fourth place, I guess?
Names, musicians, fictional characters, and Premier League football teams are also common sources of password inspiration, according to the NCSC. The most used name? "ashley," with 432,276 uses, followed by "michael," "daniel," "jessica," and "charlie." Superman, Naruto, Tigger, Pokemon, and Batman topped the "fictional characters" list, while Blink 182, 50 Cent, Eminem, Metallica, and Slipknot all inspired their fair share of passwords. As for football-related passwords, "liverpool," "chelsea," "arsenal," "manutd," and "everton" appeared most frequently.
The NCSC UK Cyber Survey also found that 37 per cent of respondents did not always use a "strong, separate password" for their primary email account, while 24 per cent did not always use a PIN or password on their smartphone or tablet. Only 15 per cent of respondents said they knew how to protect themselves from "harmful activity" online, while 42 per cent anticipated having money stolen from them online by 2021.
Money being stolen was also the most common concern for internet users, with 52 per cent of respondents saying they think about it "a lot" when going online. 51 per cent thought "a lot" about protecting their privacy, with 33 per cent thinking about it sometimes; 38 per cent worried frequently about protecting their friends and family, and 34 per cent thought about it sometimes. 23 per cent thought "a lot" about avoiding embarrassment, and 19 per cent were very concerned about losing photos.
The most obvious defensive move? Creating a stronger password. Dr. Ian Levy, technical director of NCSC, said in a statement, "Password re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band."
"Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password," he added. Next time you're prompted to change a password? Just resist the urge to pay homage to your dog.