Hackers Delight: Poor Password Security

Millions of people are using easy-to-guess passwords on sensitive accounts, suggests a study. The analysis by the UK's National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts.

The study helped to uncover the gaps in cyber-knowledge that could leave people in danger of being exploited. The NCSC said people should string three random but memorable words together to use as a strong password.

Sensitive Data
For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used. 

Top of the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included "qwerty", "password" and 1111111. The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.

When it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second. Blink-182 topped the charts of music acts. People who use well-known words or names for a password put themselves people at risk of being hacked, said Dr Ian Levy, technical director of the NCSC.

"Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band," he said.

Hard to Guess
The NCSC study also quizzed people about their security habits and fears. It found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online.

It found that fewer than half of those questioned used a separate, hard-to-guess password for their main email account.
Security expert Troy Hunt, who maintains a database of hacked account data, said picking a good password was the "single biggest control" people had over their online security.

"We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them," he said.

Letting people know which passwords were widely used should drive users to make better choices, he said. The survey was published ahead of the NCSC's Cyber UK conference that will be held in Glasgow from 24-25 April. 

BBC:

You Might Also Read: 

Identity Management Fundamentals:

 

 

« FBI Believes Russia Hacked Florida Elections
A Cyber Attack On Japan Could Bring The USA To War »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Aptive Consulting

Aptive Consulting

Aptive is a cyber security consultancy providing Penetration Testing and Vulnerability Assessment services.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

DTS Solution

DTS Solution

DTS Solution delivers advanced cyber security solutions through is technology partnerships with industry leading security vendors and advanced consulting services.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

FifthDomain

FifthDomain

We are a specialist cyber security education and training company tackling the global cyber security skills shortage.

Tyler Technologies

Tyler Technologies

Tyler Technologies is a leading provider of end-to-end information management solutions and services for local governments.

Innovex Global

Innovex Global

Innovex is a full-service executive search and advisory business that engages with early-stage startups, scale-ups, and established businesses in the Fintech, Cybersecurity and Technology industries.

Xiarch Solutions

Xiarch Solutions

Xiarch Security is an global security firm that educates clients, identifies security risks, informs intelligent business decisions, and enables you to reduce your attack surface.

Atlant Security

Atlant Security

Atlant Security is a cyber and IT security company offering consulting and implementation services.

Cyber Ranges

Cyber Ranges

Cyber Ranges is the next-generation cyber range for the development of cyber capabilities and the validation of cyber security skills and organizational cyber resilience.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Securin

Securin

Securin offers a comprehensive portfolio of solutions including Attack Surface Management, Vulnerability Intelligence, Penetration Testing, and Vulnerability Management.

e-Safer

e-Safer

e-Safer's mission is to provide solutions and services that ensure a safer digital environment.

SFY Information Technology

SFY Information Technology

SFY helps companies with Cyber Security and Managed IT, allowing them to focus on what really matters to them.

Corporater

Corporater

Corporater provides organizations with integrated solutions for managing governance, performance, risk, and compliance built on a single platform.