Pals. Brethren. Comrades. The Internet is a wonderful place, but it is often also filled with danger and dastardly villains. You get people climbin’ in your Windows and snatchin’ your data up all the time. All the more reason why people should have strong, hard-to-crack passwords, right?
Unfortunately, a lot of people haven’t received the memo. 2016 was the year of the data breach – seeing hacks of websites such as Yahoo, LinkedIn and, uh, AdultFriendFinder leak a whopping 10 million passwords to the world. Yikes.
Keeper, a password manager and digital vault service, trawled through the passwords and did a ton of data-crunching on the leaks. What they found? Most Internet users are pretty much as clueless as ever when it comes to securing their information.
The most common passwords in the world
Here’s the kicker, guys. The number one most common password, 123456, was used by a whopping 17 per cent of people. 17 per cent! In the words of Keeper’s researchers: “Looking at the list of 2016’s most common passwords, we couldn’t stop shaking our heads.” Rightly so – considering that four of the top ten on the list were only six characters or shorter.
Keeper’s research also revealed some notable findings about people’s password behaviour:
- The list of most common passwords hasn’t really changed. People have been using ‘qwerty’ for years, with no sign of stopping. This means that it’s up to website operators and brave, very patient IT administrators to integrate prompts for users to create strong passwords into their website or app’s user experience.
- Four out of the top ten most common passwords on the list were six characters or shorter. This is not good – brute-force cracking software (imagine a battering ram against your very weak password door) can suss out these passwords lickety-split.
- People think they’re being clever by using mixed numbered and lettered passwords like 1q2w3e4r or 123qwe. However, seeing as they are sequential in pattern, these passwords are also easily crackable.
- If you take a close look at numbers 15, 17 and 20, these stand out because they seem fairly random. Therefore less easy to crack, hypothetically. Right? Well, apparently their appearance on the top 20 list indicates that these might be bot-created. This is important, as bots use the same ones over and over again to create fake accounts. Information like this is useful, so IT administrators can flag these bot accounts and delete them.
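One way a site could act on the points above at sign-up, as an added example that is not from the article or from Keeper: a screening function that rejects the passwords the article names, anything under eight characters, and keyboard-sequence patterns such as 123qwe and 1q2w3e4r. The function names and the four-entry denylist are constructed for illustration; a real deployment would load a full breached-password list.

```python
# Added example: sign-up password screening (hypothetical helper names).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Constructed sample denylist: only the passwords the article names.
COMMON = {"123456", "qwerty", "1q2w3e4r", "123qwe"}
MIN_LENGTH = 8  # the article's suggested minimum


def _is_walk(s):
    """True if s is 3+ adjacent keys on one row, read in either direction."""
    if len(s) < 3:
        return False
    return any(s in row or s[::-1] in row for row in ROWS)


def _is_chunked_walk(s):
    """True if s splits entirely into keyboard walks, e.g. '123' + 'qwe'."""
    # reachable[i] means the first i characters are covered by whole walks.
    reachable = [True] + [False] * len(s)
    for end in range(3, len(s) + 1):
        reachable[end] = any(
            reachable[start] and _is_walk(s[start:end])
            for start in range(0, end - 2)
        )
    return reachable[len(s)]


def _is_interleaved_walk(s):
    """True if alternating characters form two walks: '1q2w3e4r' = '1234' + 'qwer'."""
    return len(s) >= 6 and _is_walk(s[0::2]) and _is_walk(s[1::2])


def screen_password(password):
    """Return a list of reasons to reject; an empty list means it passed."""
    p = password.lower()
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if p in COMMON:
        reasons.append("common")
    if _is_chunked_walk(p) or _is_interleaved_walk(p):
        reasons.append("keyboard_pattern")
    return reasons
```

Returning reason codes rather than a single yes/no lets the sign-up form tell the user which rule to fix.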
Our top suggestions for keeping your data secure
- Enable two-factor authentication wherever possible. This puts another wall in front of potential hackers or phishers.
- Use a mix of uppercase and lowercase letters, numbers and symbols.
- Ensure your password is at least eight characters long.
- We know this is a pain – but try not to use the same password for all of your accounts. If you can’t remember all of your passwords, use an online (and secure) password manager to keep track.
In time, most accounts can be compromised. However, using those tips, you can limit the damage caused by malicious attacks on your accounts. Be safe, guys!