Despite all the warnings, 23 million people worldwide use the password “123456”. This is according to the UK’s National Cyber Security Centre, which analysed the Have I Been Pwned data set to produce a list of the top 100,000 passwords.
It’s frankly embarrassing – here’s the top 10. Anyone who uses any of these should have their computer, tablet and phone taken away from them immediately.
Looking through the full list, there’s a reasonable selection of expletives, and for Brits, variations on “Liverpool” appear twenty-eight times. For non-Brits, Liverpool is not only a city in the North of England but a Premier League football (soccer) team. James Bond 007 is rich pickings too, with variations into the teens. No matter how smart or unique you think you are, there’s someone else who thinks the same.
The NCSC recommends using three random words for passwords, such as “tablehouseblue”, and not re-using passwords between accounts. It particularly recommends always having a different password for your email account.
Dr Ian Levy, NCSC Technical Director, said: “Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band. Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”
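One way a service could act on both points above, as an added example that is not from the NCSC or the original article: reject new passwords that match a deny list even after simple variations (the "Liverpool" and "007" pattern), and generate three-random-word passphrases. The deny list and word list are small constructed samples, and the function names are illustrative.

```python
import math
import secrets

# Constructed sample deny list. "123456" and "liverpool" come from the article;
# a real deployment would load the full top-100,000 list instead.
DENY_LIST = {"123456", "liverpool", "jamesbond", "password"}

# Constructed sample word list; a real one needs thousands of entries.
WORDS = ["table", "house", "blue", "river", "candle", "orbit", "maple", "tiger"]

# Undo common character substitutions (0->o, 1->i, 3->e, 4->a, 5->s, 7->t, ...).
LEET = str.maketrans("013457@$!", "oieastasi")
TRAILING = "0123456789!@#$%^&*?."


def is_denied(password, deny_list=DENY_LIST):
    """True if the password, or a simple variation of it, is on the deny list."""
    lowered = password.lower()
    core = lowered.rstrip(TRAILING)          # "liverpool1" -> "liverpool"
    candidates = {lowered, core, core.translate(LEET)}
    return any(c in deny_list for c in candidates if c)


def entropy_bits(word_count, list_size):
    """Guessing entropy of word_count words drawn uniformly from list_size words."""
    return word_count * math.log2(list_size)


def generate_passphrase(word_count=3, words=WORDS):
    """Join random words chosen with a CSPRNG; retry if the result is denied."""
    while True:
        phrase = "".join(secrets.choice(words) for _ in range(word_count))
        if not is_denied(phrase):
            return phrase


if __name__ == "__main__":
    for candidate in ["123456", "Liverpool1", "L1verp00l!", "tablehouseblue"]:
        print(candidate, "rejected" if is_denied(candidate) else "accepted")
    print(generate_passphrase(), f"{entropy_bits(3, len(WORDS)):.1f} bits")
```

The eight-word sample list yields only 9 bits of entropy for three words; the strength of the three-random-words approach depends on drawing from a large word list.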