New research suggests we’re still too lazy to think up proper passwords, even though this leaves us prone to costly hacking.
London-based card machine provider Dojo has analysed data on 100,000 breached passwords from the UK government’s National Cyber Security Centre (NCSC).
It found ‘123456’, ‘qwerty’ and ‘password’ – all easily remembered but notoriously bad choices – were among the most frequently hacked passwords.
Overall, pet names or terms of endearment – including ‘love’, ‘baby’ and ‘angel’ – were found to be the most commonly hacked passwords, ahead of animals, colours and swear words.
Experts are now urging the public to use more complicated passwords with unique letter and number combinations, along with two-factor authentication (2FA).
2FA requires users to provide an additional piece of information, such as a PIN code sent via text message, as well as a password.
‘Analysing NCSC data on over 100,000 breached passwords, we were able to categorise the top hacked passwords into over 30 categories, from sports to star signs,’ Dojo says in a blog post.
‘By seeing which category had the most breached passwords, the study can reveal the password subjects you should avoid as a whole to stay secure online.’
According to the NCSC data, the five most commonly hacked passwords with the most users were ‘123456’ at the top, followed by ‘123456789’, ‘qwerty’, ‘password’ and ‘1111111’.
These bad choices are made up of obvious sequences of numbers or, in the case of ‘qwerty’, the letters from the top row of the computer keyboard.
‘These sequences are particularly easy to remember and transcend languages and cultures, making them an incredibly popular password choice worldwide,’ Dojo says.
‘Easy to guess and requiring no personal knowledge, these ones present a huge risk to your online security when selected.
Using a password manager to create unique passwords and using multi-factor authentication (MFA) across all websites are some of the recommended ways to improve password security and make it difficult for attackers to steal your passwords and access your data.
‘Passwords with a combination of characters, numbers, and symbols are less likely to be hacked as they are harder to guess.
‘To keep your password more secure, we recommend you use a random combination that is memorable only to you.’
In terms of categories, the worst choices were found to be pet names/terms of endearment, followed by names, animals, emotions, food, colours and swear words.
Interestingly, the three most frequently hacked names used as passwords were ‘Sam’, ‘Anna’ and ‘Alex’, likely due to their few letters and being easy to spell.
Car brands (such as Audi and Ford), social media platforms (such as Facebook and Twitter) and star signs were also bad security choices, Dojo found.
Naveed Islam, chief information security officer at Dojo, thinks the public keeps using simple passwords – in spite of ongoing warnings not to – due to ‘password fatigue’.
This term refers to the strain of having to think up and remember multiple passwords, as more and more of our everyday lives are digitized and we’re required to open online accounts to access basic services.
‘The surge in online services has resulted in a proliferation of password usage,’ Islam said.
‘This has resulted in password fatigue – the feeling experienced by many people who are required to remember an excessive number of passwords as part of their daily routine.
‘To cope with password fatigue, people reuse the same password across multiple websites, using simple and predictable password creation strategies.
‘Attackers exploit these well-known coping strategies, leaving individuals vulnerable.’
Dan DeMichele, vice president for Product Management at password manager provider LastPass, calls strong passwords ‘the first and most essential line of defence against a cyber-attack’.
‘A strong password is at least 16 characters long and includes a mix of capital and lowercase letters as well as numbers and symbols,’ DeMichele said.
‘Cyber attackers love it when their intended victims are uninformed and unaware about cyber security – it makes their task easier.
‘It’s therefore imperative you keep up to date on security best practices.’