123456 - 23.2 Million Cyber Victims Used This Password

• Content
• News
• 123456 - 23.2 Million Cyber Victims Used This Password

28 June 2019 | Updated 08 July 2019

The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as their password.

Brits have been urged to apply steps to stay safe online after results of the UK Cyber Survey exposed exploitable gaps in their personal security knowledge and businesses have been warned to say no to weak passwords being used by employees. the UK National Cyber Security Centre (NCSC) is urging the use of three random words rather than a single word such as a name or a football team.

Amongst the results – which have been published in full on www.ncsc.gov.uk - were that:

• Only 15% of individuals say they know a great deal about how to protect themselves from harmful activity.

• The most regular concern is money being stolen – with 42% feeling it likely to happen by 2021.

• 89% use the internet to make online purchases – with 39% on a weekly basis. Much of this is done from a work or BYOD computer or phone.

• One in three rely on friends and family for help on cyber security rather than their employer.

• Young people more likely to be privacy conscious and careful of what details they share online.

• 61% of internet users check social media daily.

• 70% always use PINs and passwords for smart phones and tablets.

• Less than half do not always use a strong, separate password for their main email account.

The NCSC has also published separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches.

The results show a huge number of regularly used passwords breached to access sensitive information.

The most used were Premier League football teams; musicians; fictional characters; and names - ashley was used 432,276 times. liverpool (280,723); blink182 (285,706); superman (333,139); michael (425,291); chelsea (216,677; 50cent (191,153); qwerty (3.8m); manutd (59,440); batman (203,116).

Dr Ian Levy, NCSC Technical Director, said: “The NCSC has published lots of easily applicable advice to make individuals and businesses much less vulnerable.

“Password re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.

“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Tell employees to be creative and use words memorable to them, so people can’t guess your password.”

Margot James, DMCS’ Digital and Creative Industries Minister, said:  "Cyber security is a serious issue but there are some simple actions everyone can take to better protect against hackers. We shouldn't make their lives easy so choosing a strong and separate password for email accounts is a great practical step."

David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, said: "Given the growing global threat from cyber attacks, these findings underline the importance of using strong passwords at home and at work."

Background

The compromised passwords were obtained from global breaches that are already in the public domain having been sold or shared by hackers.

The list was created after breached usernames and passwords were collected and published on Have I Been Pwned by international web security expert Troy Hunt. The website allows people to check if they have an account that has been compromised in a data breach.

Troy Hunt said: “Making good password choices is the single biggest control consumers have over their own personal security posture.

“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them. Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people and businesses create a more secure online presence.”

Picture: 23.2 million victims worldwide were caught out by using 123456 as their password.

Article written by Brian Shillibeer | Published 28 June 2019

Share

Related Articles