The world’s most hacked passwords

Watch the  ZDNet report  on most hacked passwords.

Watch the ZDNet report on most hacked passwords.

The phrase, “simpler is better,” doesn’t apply when you're deciding how to choose a password.

A new report from the UK’s National Cyber Security Centre, the cyber arm of the GCHQ intelligence service, reveals the 100,000 most hacked passwords. Not surprisingly, the simplest are easiest to hack.

“In order to nudge tech-savvy people in the right direction when it comes to staying secure online, the NCSC teamed up with Troy Hunt, an Australian cybersecurity expert who created Pwned Passwords API, to analyze millions of breached accounts worldwide to determine the most common hacked passwords,” Fox Business online reports.

And the top 10 winners for the most hacked passwords:

1. 123456

2. 123456789

3. qwerty

4. password

5. 111111

6. 12345678

7. abc123

8. 1234567

9. password1

10. 1234

According to the report, ‘123456,’ was identified 23 million times in breaches. The second worst password pick – ‘123456789’ – was breached 7.7 million times, and the third most hacked password, ‘qwerty,’ 3.8 million times.

While several simple series of numbers and/or letters made the top 10, the study found people often used names in passwords – whether it’s their own name, the name of their child or their favorite musician.

The five most common names used as passwords in breaches included: 1) Ashley; 2) Michael; 3) Daniel; 4) Jessica; and 5) Charlie.

The five most common musician-inspired passwords in breaches included: 1) Blink182; 2) 50 Cent; 3) Eminem; 4) Metallica; and 5) Slipknot.

Consumer Reports offers tips for password-based cyber security:

“Ideally, a password should be composed of a long string (think at least a dozen characters) of seemingly random uppercase and lowercase letters, numbers, and symbols,” the publication reports. “One of the best and easiest things to do is to create a long password out of an easy-to-remember phrase, then throw in some special characters.”

Other tips on how to choose a password:

  • Create passwords or passphrases that do not use repeating words and number patterns, cannot be easily guessed, and do not use personal information.

  • Use a different password for each online account.

  • Change passwords annually and/or when prompted by your online accounts.

  • Always use two-factor authentication when available.

Consumer Reports also advises to avoid your name, birthday, or references to other personal details including your child’s personal details because hackers routinely troll Facebook and Twitter for clues to passwords like these.

It is important to remember to apply these same password standards to connected devices such as routers, webcams, and TVs. Many come with default passwords that should be changed the moment you take the product out of the box.