Security experts at the United Kingdom’s National Cyber Security Centre (NCSC) analyzed the 100,000 most-commonly re-occurring breached passwords using data from Have I Been Pwned (HIBP).
Have I Been Pwned allows users to search across multiple data breaches to see if their email address has been compromised.
The NCSC discovered that 23.2 million user accounts worldwide were using ‘123456’ as password, while 7.7 million users were using ‘123456789’.
This data is disconcerting and shows that we are far from to be secure even if security experts continue to warn users of cyber risks associated with the use of weak passwords.
Of course. the list of most-hacked passwords also includes other simple items like ‘qwerty’, ‘password’ and ‘1111111,’ in top five, a gift for the hackers.
The list of top breached passwords includes names, musicians, football team names, and fictional characters.
“The NCSC has also today published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches.” reads the post published by the NCSC.
“The results show a huge number of regularly used passwordsbreached to access sensitive information.”
Data reported by NCSC are aligned with findings from other similar studies conducted by security firm. In December, SplashData published for the 8th year in a row the worst passwords list, the annual report based on the analysis of more than 5 million leaked passwords. Below the 2018 top 10 most used passwords published by SplashData:
Experts suggest the adoption of strong passwords and the usage of a unique password for every service they access. Passwords should contain at least 8 characters, upper and lower case letters, numbers, and symbols (i.e. %$#!.). Another good practice is the set up of multi-factor authentication wherever possible.
Below the key findings emerged from the survey:
“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable.” said Dr Ian Levy, NCSC Technical Director.
“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with somethisng that can be guessed, like their first name, local football team or favourite band.”
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – Top breached passwords, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and…
As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement…
Healthcare service provider Kaiser Permanente disclosed a security breach that may impact 13.4 million individuals…
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over…
A ransomware attack on a Swedish logistics company Skanlog severely impacted the country's liquor supply. …
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities…
This website uses cookies.