The first-ever “UK Cyber Survey” reported that 23.2 million victims of breaches worldwide used 123456 to protect their account, making it the top on a long list of worst passwords for cybersecurity.
In collaboration with Troy Hunt, a web-security specialist, the United Kingdom’s National Cyber Security Centre (NCSC) released a global password risk list earlier this week. The list reported the top 100,000 worst passwords for cybersecurity, which revealed the passwords that are most commonly found in data breaches.
Follow Ladders on Flipboard!
Top 20 worst passwords for data breaches
The NCSC recommends that you change your password immediately if you see it anywhere on the list of 100,000 passwords most commonly found in data breaches. Dr. Ian Levy, NCSC Technical Director, suggests combining three random words to create a hard-to-guess password.
Why using one of these worst passwords is a cybersecurity problem
Using passwords that have been commonly found in data breaches pose a risk for both individuals and companies. Passwords on this list are already in the public domain and have been shared by hackers, and cyber-attackers commonly use lists like this when trying to hack into a system.
Attackers have been able to breach corporate networks and move into the internal system due to a single weak point, such as use of a password from one of these lists.
Most commonly used passwords in breaches by name, Premier League football teams, musicians, and fictional characters
The UK Cyber Survey also identified categories of most commonly used passwords found in breaches. Find the top passwords in each category below:
Ashley was the most common first name to be used as a password in a breach.
Liverpool was the most common Premier League football team to be used as a password in a breach.
Blink182 was the most common password related to music to be used in a breach.
Superman was the most common fictional character to be used as a password that appeared in a breach.
Troy Hunt cybersecurity tools
Hunt created Have I Been Pwned, a tool that allows users to check if one of their accounts has been compromised, after the Adobe breach of customer accounts. The data comes from past breaches, which are situations where data is exposed to a vulnerable system.
The Pwned Passwords feature allows individuals in any country to check if one of their passwords has ever been seen in a data breach. Exposure to breaches makes any password unsuitable for use because they are at a much greater risk of being used to take over other accounts.
You might also enjoy…
- New neuroscience reveals 4 rituals that will make you happy
- Strangers know your social class in the first seven words you say, study finds
- 10 lessons from Benjamin Franklin’s daily schedule that will double your productivity
- The worst mistakes you can make in an interview, according to 12 CEOs
- 10 habits of mentally strong people