Passwords like ‘123456’ and ‘password’ are incredibly insecure, but many people continue to use them.
Hey, Internet: Your passwords still suck.
Though security experts have been warning us since forever that passwords like “123456” and “password” are incredibly insecure, many people continue to use them, according to new data from Keeper Security, which makes password management software.
The company analyzed 10 million passwords that became public via data breaches in 2016 and found that nearly 17 percent of users are protecting their accounts with “123456,” which Keeper ranked as the most common password of 2016.
In fact, variations of sequential numbers made up 70 percent of the top 10 most common passwords, Keeper found.
The second most-popular password of 2016, according to Keeper, was “123456789” followed by “qwerty” and No. 3, “12345678” at No. 4, and “111111” at No. 5. Rounding out the top 10 were: “1234567890” at No. 6, followed by “1234567,” “password,” “123123,” and the very clever (not) “987654321.”
Seven of the top 15 passwords consist of just six characters, which is a big no-no if you don’t want hackers accessing your account.
“Today’s brute-force cracking software and hardware can unscramble those passwords in seconds,” Keeper wrote.
Interestingly, some seemingly random passwords such as “18atcskd2w” and “3rjs1la7qe” also cracked the top 25.
Security expert Graham Cluley over the summer said that it probably wasn’t humans who chose these passwords, but bots, which repeatedly used the codes when setting up dummy email accounts for spam and phishing attacks.
Meanwhile, Keeper pointed out that the list of most commonly-used passwords hasn’t changed much in the past few years, suggesting many users simply don’t care or can’t be bothered to create and remember secure passwords.
The company called on website owners to start enforcing stronger password policies.
“What really perplexed us is that so many website operators are not enforcing password security best practices,” the Keeper team wrote. “While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves.
IT administrators and website operators must do the job for them.”
To protect your passwords from getting hacked, take the time to use a variety of characters, including numbers, upper and lowercase letters, and other symbols.
Avoid using dictionary words, which are easily crackable.
Consider using a password manager, and avoid using the same password over and over.