Despite years of being told we should have strong and unique passwords, people are still using predictable patterns to secure access to their online lives.
The most common passwords of 2018 include “123456”, “qwerty” and “111111”, according to a recently released compilation. Anyone using one of these guessable strings of letters and numbers would be wise to change them immediately if they want to keep their information safe.
More than 50pc of people use the top 25 most common passwords, according to password manager Keeper, with a significant 17pc – almost one in five – of all users having “123456” as their protective code.
Keeper compiled the list by scouring 10 million passwords leaked in data breaches. Predictably, the most popular passwords include variations of “123456” and “qwerty”, as well as “password” and “google”.
HOW TO | Pick a password
- Don’t re-use passwords. One ultra-secure one won’t be any good if someone finds it
- While combining upper and lower case passwords with numbers to alter a memorable word – M4raD0na – is often advised, these are more easily cracked than you might think
- Good advice is to make a long but memorable “passphrase”. String a few words together that you can remember with a visual. “puffineatingbanana” is easy to remember but would take millions of years for a computer to crack
- Alternatively, you can use a password manager such as 1Password, which can generate secure passwords and store them online
- The best way to protect yourself is to use two-factor authentication, which will send a text with a code or use an app to verify your log-in
The list is more worrying than a similar released last year that showed the most common passwords included “starwars”, “monkey” and “football”.
Given the number of people still using common passwords despite dozens of high profile data breaches, Keeper said websites should be responsible for cracking down on easy-to-guess strings of letters and numbers.
“While it’s important for users to be aware of the risks, a sizeable minority are never going to take the time or effort to protect themselves,” said Keeper. “The bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.”
They warned that password cracking software can guess codes that are six characters long in seconds, especially if they use sequential keys.