The UK’s latest list of most hacked passwords is as bad as you’d think

Names, soccer players, musicians and fictional characters make up some of the worst passwords of the year, according to the U.K. government’s National Cyber Security Center.

But nothing beats “123456” as the worst password of all.

It’s no shock to any seasoned security pro. For years, the six-digit password has been dubbed the worst password of all, given its wide usage. Trailing behind the worst password is — surprise, surprise — “123456789”.

The NCSC said more than 30 million victims use those two passwords alone, according to its latest breach analysis based on data pulled from Pwned Passwords, a website run by security researcher Troy Hunt, who also runs the breach notification site Have I Been Pwned.

“We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable guidance to make you much less vulnerable,” said Dr. Ian Levy, NCSC’s technical director. “Password re-use is a major hazard that can be avoided — nobody should preserve sensitive data with something that can be guessed, like their first name, local soccer group or best-loved band.”

Weak passwords are a problem. Not only can they be easily guessed by bots trying to break into your account, they can be easily cracked if they’re ever stolen from the company in a data breach. Weak passwords are often the default credentials on Internet of Things devices, making it simple for botnets to quietly break into your smart devices and hijack them for nefarious purposes.

What can you do about it?

TechCrunch has several free security guides you can read to put you on the right track. Setting yourself up with a password manager is the first big step. Password managers generate and securely store your passwords so you don’t have to remember each one. Then, you should set up two-factor authentication, as adding an extra barrier on top of your password makes it even tougher for the most determined malicious hacker to break into your accounts.

It doesn’t take long to get secure. Take an hour out of your day and get started.
