Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Most popular passwords of 2016 are desperately weak yet again, study finds

'123456' takes top spot, as it did in 2015 and 2014

Aatif Sulleyman
Monday 16 January 2017 14:07 EST
Comments
Not a particularly secure choice
Not a particularly secure choice (Reuters)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The most popular passwords of 2016 have been revealed and, as ever, the list shows just how lax millions of internet users’ approach to online security still is.

As was the case last year and the year before, ‘123456’ tops the list, with password manager Keeper Security reporting that it was used by 17% of the 10 million passwords – which became public through data breaches that happened in 2016 – it analysed for the study.

Meanwhile, the shamefully familiar ‘123456789’ and ‘qwerty’ took the silver and bronze medal positions, with ‘12345678’ and ‘111111’ rounding out the top five.

Despite repeated warnings from the wider technology industry about the importance of online security, almost all of the 25 entries on the list are easily guessable.

The only real surprises are ‘18atcskd2w’, ‘1q2w3e4r’, ‘1q2w3e4r5t’ and ‘1q2w3e’, which at first glance look like excellent passwords. However, it appears that they only feature on the list because of bots.

As security expert Graham Cluley explained last year while explaining the then baffling rise in popularity of ’18atcskd2w’, “What I believe happened is that these accounts were created by bots, perhaps with the intention of posting spam onto the forums.

“All in all, it’s easier for a spammer who is creating tens of thousands of accounts to use the same password over and over again – especially if the site doesn’t appear to notice anything suspicious is going on.”

Using a mix of numbers and uppercase and lowercase letters is an easy way to make your password tougher to crack, as is the method of using the first letters from the words in a memorable phrase. Alternatively, password managers can create stronger passwords for you.

Though it’s clear that a huge number of users are simply ignoring basic security advice, Keeper Security believes that a bigger share of the responsibility lies with the sites that allow the practice to continue.

“We can criticize all we want about the chronic failure of users to employ strong passwords,” it said. “After all, it’s in the user’s best interests to do so. But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.

“It isn’t hard to do, but the list makes it clear that many still don’t bother.”

The full list of passwords is as follows:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in