Most popular passwords of 2016 are desperately weak yet again, study finds
'123456' takes top spot, as it did in 2015 and 2014
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.The most popular passwords of 2016 have been revealed and, as ever, the list shows just how lax millions of internet users’ approach to online security still is.
As was the case last year and the year before, ‘123456’ tops the list, with password manager Keeper Security reporting that it was used by 17% of the 10 million passwords – which became public through data breaches that happened in 2016 – it analysed for the study.
Meanwhile, the shamefully familiar ‘123456789’ and ‘qwerty’ took the silver and bronze medal positions, with ‘12345678’ and ‘111111’ rounding out the top five.
Despite repeated warnings from the wider technology industry about the importance of online security, almost all of the 25 entries on the list are easily guessable.
The only real surprises are ‘18atcskd2w’, ‘1q2w3e4r’, ‘1q2w3e4r5t’ and ‘1q2w3e’, which at first glance look like excellent passwords. However, it appears that they only feature on the list because of bots.
As security expert Graham Cluley explained last year while explaining the then baffling rise in popularity of ’18atcskd2w’, “What I believe happened is that these accounts were created by bots, perhaps with the intention of posting spam onto the forums.
“All in all, it’s easier for a spammer who is creating tens of thousands of accounts to use the same password over and over again – especially if the site doesn’t appear to notice anything suspicious is going on.”
Using a mix of numbers and uppercase and lowercase letters is an easy way to make your password tougher to crack, as is the method of using the first letters from the words in a memorable phrase. Alternatively, password managers can create stronger passwords for you.
Though it’s clear that a huge number of users are simply ignoring basic security advice, Keeper Security believes that a bigger share of the responsibility lies with the sites that allow the practice to continue.
“We can criticize all we want about the chronic failure of users to employ strong passwords,” it said. “After all, it’s in the user’s best interests to do so. But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.
“It isn’t hard to do, but the list makes it clear that many still don’t bother.”
The full list of passwords is as follows:
- 123456
- 123456789
- qwerty
- 12345678
- 111111
- 1234567890
- 1234567
- password
- 123123
- 987654321
- qwertyuiop
- mynoob
- 123321
- 666666
- 18atcskd2w
- 7777777
- 1q2w3e4r
- 654321
- 555555
- 3rjs1la7qe
- 1q2w3e4r5t
- 123qwe
- zxcvbnm
- 1q2w3
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments