People are dreadful at picking passwords.

The world’s most popular password is the depressingly
easy-to-guess 123456, according to an
analysis by security
firm Keeper of 10 million leaked passwords last year. We
first read about the report from The

There were several major data breaches in 2016 in which people’s
login details were leaked online. Some were new — like
the hack of adult dating site AdultFriendFinder. In other
cases, like LinkedIn, the breach happened years ago,
but the data only recently surfaced online.

Both instances provided researchers with an unparalleled look at
the security habits of millions of people — it’s not pretty.

“Looking at the list of 2016’s most common passwords, we couldn’t
stop shaking our heads,” the researchers wrote in a blog post.
“Four of the top 10 passwords on the list — and seven of the top
15 — are six characters or shorter. This is stunning in light of
the fact that, as we’ve reported, today’s brute-force cracking
software and hardware can unscramble those passwords in seconds.
Website operators that permit such flimsy protection are either
reckless or lazy.”

What’s more, Keeper says, recommendations about good security
practices are just failing to get through to a lot of people.

“The list of most-frequently used passwords has changed little
over the past few years,” it writes. “That means that user
education has limits. While it’s important for users to be aware
of risks, a sizable minority are never going to take the time or
effort to protect themselves. IT administrators and website
operators must do the job for them.”

Longer passwords can be harder to remember. But that’s not an
excuse to just use qwerty. Security experts
recommend that people use a different, strong password for each
service or website they have an account with, storing them with a
password manager app if necessary. That way, if one service you
used is breached, your accounts on others aren’t compromised as

And you should also activate two-factor authentication whenever
possible, so that even if your password is exposed,
attackers still can’t get into your account without access to

On a long enough timescale, everyone gets hacked. But by not
using — and re-using — weak passwords, you can limit the damage.

Finally, here’s the full list. If any of your passwords
are on here, change them immediately.