If “123456” is your password, it may be time for a change.
That was the unsurprising conclusion of a survey revealing the internet’s most vulnerable passwords, which also warned that codes using names, sports teams and swear words are more popular than you might think.
The survey, by the UK’s National Cyber Security Centre (NCSC), analyzed passwords belonging to accounts worldwide that had been breached.
Several combinations of numbers made up the top 10, while “blink182” was the most popular musical artist and “superman” the most common fictional character.
But “123456” was the runaway winner, with 23.2 million accounts using the easy-to-crack code. “123456789” was used by 7.7 million, while “qwerty” and “password” were each used by more than 3 million accounts.
Ashley and Michael were the most common names used, followed by Daniel, Jessica and Charlie.
Liverpool topped the table of Premier League football clubs used as passwords, with Chelsea, Arsenal and Manchester United (“manutd”) making up the rest of the top four. Manchester City (“mancity”), by contrast, would finish in 11th place in the Premier League password standings.
The Dallas Cowboys (“cowboys1”) was the most popular NFL team nickname, while Sunday was the most used day of the week and August the most common month.
The top 10 most common passwords were:
- 123456
- 123456789
- qwerty
- password
- 111111
- 12345678
- abc123
- 1234567
- password1
- 12345
“iloveyou” just missed out on the top 10, while “monkey” and “dragon” made surprise appearances in the top 20. Plenty of users also used passwords as an opportunity to employ a colorful array of swear words.
The NCSC recommended using three “random but memorable” terms in a password, to reduce the risk of having an account breached.
“Password re-use is a major risk that can be avoided — nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favorite band,” Ian Levy, NCSC Technical Director, said in a statement.
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password,” he added.