Are you using any of these 100,000 worst passwords for cybersecurity?

The first-ever “UK Cyber Survey” reported that 23.2 million victims of breaches worldwide used 123456 to protect their account, putting it at the top of a long list of worst passwords for cybersecurity.

In collaboration with Troy Hunt, a web-security specialist, the United Kingdom’s National Cyber Security Centre (NCSC) released a global password risk list earlier this week. The list contains the 100,000 worst passwords for cybersecurity: the passwords most commonly found in data breaches.

Top 20 worst passwords for data breaches

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345
  11. 1234567890
  12. 123123
  13. 000000
  14. iloveyou
  15. 1234
  16. 1q2w3e4r5t
  17. qwertyuiop
  18. 123
  19. monkey
  20. dragon

The NCSC recommends that you change your password immediately if you see it anywhere on the list of 100,000 passwords most commonly found in data breaches. Dr. Ian Levy, NCSC Technical Director, suggests combining three random words to create a hard-to-guess password.

Why using one of these worst passwords is a cybersecurity problem

Using a password that has commonly been found in data breaches poses a risk for both individuals and companies. Passwords on this list are already in the public domain and have been shared by hackers, and cyber-attackers commonly use lists like this when trying to hack into a system.

Attackers have been able to breach corporate networks and move into the internal system through a single weak point, such as the use of a password from one of these lists.

Most commonly used passwords in breaches by name, Premier League football teams, musicians, and fictional characters

The UK Cyber Survey also identified categories of most commonly used passwords found in breaches. Find the top passwords in each category below:

Ashley was the most common first name to be used as a password in a breach.

Liverpool was the most common Premier League football team to be used as a password in a breach.

Blink182 was the most common password related to music to be used in a breach.

Superman was the most common fictional character to be used as a password that appeared in a breach.

Troy Hunt cybersecurity tools

After the Adobe breach of customer accounts, Hunt created Have I Been Pwned, a tool that allows users to check if one of their accounts has been compromised. The data comes from past breaches, which are incidents in which data is exposed in a vulnerable system.

The Pwned Passwords feature allows individuals in any country to check if one of their passwords has ever been seen in a data breach. Exposure in a breach makes any password unsuitable for use because it is at a much greater risk of being used to take over other accounts.
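
A service can run the same kind of check whenever a user sets a password. The sketch below is an added example, not code from the article or from Have I Been Pwned: it models offline the hash-prefix range lookup that the Pwned Passwords API uses, with the article's top-20 list standing in for the breach corpus. The counts are constructed and the function names are assumptions.

```python
import hashlib

# Top-20 list from the article, used here as a small stand-in corpus.
TOP20 = ["123456", "123456789", "qwerty", "password", "111111", "12345678",
         "abc123", "1234567", "password1", "12345", "1234567890", "123123",
         "000000", "iloveyou", "1234", "1q2w3e4r5t", "qwertyuiop", "123",
         "monkey", "dragon"]


def sha1_hex(password: str) -> str:
    """Upper-case SHA-1 hex digest, the lookup key for the range model."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Lookup-service side: bucket hashes by 5-char prefix as 'SUFFIX:COUNT'."""
    index = {}
    for rank, pw in enumerate(passwords, start=1):
        digest = sha1_hex(pw)
        count = len(passwords) - rank + 1  # constructed count, not real data
        index.setdefault(digest[:5], []).append(f"{digest[5:]}:{count}")
    return index


def range_query(index, prefix: str) -> str:
    """Lookup-service side: receives only the prefix, returns the whole bucket."""
    return "\n".join(index.get(prefix, []))


def breach_count(password: str, index) -> int:
    """Caller side: send the 5-char prefix, compare the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_query(index, prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0  # not present in this corpus


def acceptable(password: str, index) -> bool:
    """Policy hook for a password-change form: reject anything seen in a breach."""
    return breach_count(password, index) == 0


INDEX = build_range_index(TOP20)

if __name__ == "__main__":
    # The last candidate is a constructed three-random-words style password.
    for pw in ("123456", "dragon", "lamp-otter-violin"):
        print(f"{pw!r}: seen {breach_count(pw, INDEX)} times, ok={acceptable(pw, INDEX)}")
```

The lookup side only ever receives the first five hex characters of the hash, so neither the password nor its full hash leaves the caller.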
