The most common passwords of 2016 include “123456”, “qwerty” and “111111”, according to new research.
More than 50% of people use the top 25 most common passwords, according to password manager Keeper, with a significant 17% of users safeguarding their accounts with “123456.”
Keeper also found that many website operators are not enforcing password security best practices.
The research scoured 10 million passwords that became public through data breaches that happened in 2016.
Key findings are published below:
• The list of most-frequently used passwords has changed little over the past few years.. That means that user education has limits. While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.
• Four of the top 10 passwords on the list – and seven of the top 15 – are six characters or shorter. This is stunning in light of the fact that, as we’ve reported, today’s brute-force cracking software and hardware can unscramble those passwords in seconds. Website operators that permit such flimsy protection are either reckless or lazy.
• The presence of passwords like “1q2w3e4r” and “123qwe” indicates that some users attempt to use unpredictable patterns to secure passwords, but their efforts are weak at best. Dictionary-based password crackers know to look for sequential key variations. At best, it sets them back only a few seconds.
• Email providers don’t appear to be working all that hard to prevent the use of their services for spam. Security expert Graham Cluley believes that the presence of seemingly random passwords such as “18atcskd2w” and “3rjs1la7qe” on the list indicates that bots use these codes over and over when they set up dummy accounts on public email services for spam and phishing attacks. Email providers could do everyone a favor by flagging this kind of repetition and reporting the guilty parties.
Richard Lack, Managing Director, EMEA, Gigya, said: “The news that 123456 is still the world’s most popular password come as no surprise. Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe.
“At a time when the number of devices we own is rising sharply, this frustration has relegated the registration process to being the most broken thing about the internet. The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security.
“Of course, scanning one’s finger or face is far more convenient than creating and remembering yet another username/password combination. What’s more, a survey we conducted found that 80 per cent of all consumers believe that biometric authentication is more secure than traditional registration.
“Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security. This is a win/win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.”