People are dreadful at picking passwords. The world’s most popular password is the depressingly easy-to-guess 123456, according to an analysis by security firm Keeper of 10 million leaked passwords last year.
There were several major data breaches in 2016 in which people’s login details were leaked online. Some were new — like the hack of adult dating site AdultFriendFinder. In other cases, like LinkedIn, the breach happened years ago, but the data only recently surfaced online. Both instances provided researchers with an unparalleled look at the security habits of millions of people — it’s not pretty.
The second most-used password was 123456789, according to Keeper, followed by the predictable qwerty. Then came 12345678, and in fifth place was the obvious 111111.
“Looking at the list of 2016’s most common passwords, we couldn’t stop shaking our heads,” the researchers wrote in a blog post. “Four of the top 10 passwords on the list — and seven of the top 15 — are six characters or shorter. This is stunning in light of the fact that, as we’ve reported, today’s brute-force cracking software and hardware can unscramble those passwords in seconds. Website operators that permit such flimsy protection are either reckless or lazy.”
Longer passwords can be harder to remember. But that’s not an excuse to just use qwerty. Security experts recommend that people use a different, strong password for each service or website they have an account with, storing them with a password manager app if necessary. That way, if one service you use is breached, your accounts on others aren’t compromised as well.
And you should also activate two-factor authentication whenever possible, so that even if your password is exposed, attackers still can’t get into your account without access to your phone. On a long enough timescale, everyone gets hacked. But by not using — and re-using — weak passwords, you can limit the damage.
Finally, here’s the full list. If any of your passwords are on here, change them immediately.