Skip to main content

Online passwords: Research confirms millions of people are using 123456

Despite repeated warnings from online security experts advising against the use of easy-to-crack passwords, it seems some many folks still can’t be bothered to think up a more complex string of characters to protect their accounts.

A recent study by the U.K.’s National Cyber Security Center (NCSC) that looked at public databases of breached accounts confirms that for many people, simple passwords are still a thing, with 23.2 million accounts globally using “123456” — the most common string on the list.

Perhaps not surprisingly, second is “123456789,” while others include “password”, “1111111,” and “qwerty.”

The NCSC collaborated with Australian online security expert Troy Hunt — known for his Have I Been Pwned site — to learn more about the kinds of passwords that some people are using to protect their accounts.

You can explore Hunt’s database yourself to find how many times simple passwords (or your own) have showed up in lists of accounts caught up in security breaches. For example, enter “zxcvbnm” (the letters appearing on the bottom row of a keyboard), and you’ll see that the password has showed up in data breaches more than 575,000 times.

On his site, Hunt offers some advice on how you can better protect yourself online. While not using “123456” as a password would certainly be a good start, Hunt suggests using a password manager app such as 1Password. Digital Trends has an article featuring the best password manager apps currently available.

Hunt also suggests using two-factor authentication with sites and apps that offer it, to give yourself an extra layer of protection against hackers. Finally, you can subscribe to his “notify me” service, which automatically sends you a notification if your email address appears on a list of hacked data, prompting you to reset your password.

“Making good password choices is the single biggest control consumers have over their own personal security posture,” Hunt told the NCSC. “We typically haven’t done a very good job of that either as individuals or as the organizations asking us to register with them.”

He added: “Recognizing the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Here’s how much faster Nvidia’s RTX 4090 is at cracking passwords
Nvidia GeForce RTX 4090 GPU.

You really shouldn’t be trying to manage your own passwords when high-performance graphics cards featuring GPUs as powerful as Nvidia’s GeForce RTX 4090 could be in use by hackers. The password-cracking speed of Nvidia’s best GPU has been highlighted before but the latest revelation points out the performance compared to other graphics cards.
Security analyst and researcher Sam Croley goes by Chick3nman on Twitter where he shares information related to password security. The latest tests show the RTX 4090’s Hashcat performance is roughly eight times greater than eight GTX 1080s. Compared to Nvidia’s best GPU from the previous generation, the RTX 4090 is nearly twice as fast as the RTX 3090. The tweet was the first spotted by Tom’s Hardware.

Replying to a question in the same Twitter thread, Croley said Nvidia’s GeForce RTX 4090 GPU is more than three times faster than an AMD Radeon RX 6900 when using the hash speed benchmark Hashcat. Croley noted that the relative performance of AMD’s Radeon RX 7000 series is still unknown.

Read more
Passwords are hard and people are lazy, new report shows
A person using 1Password on a MacBook.

Despite ongoing efforts by security researchers and internet titans to push us to use stronger passwords and two-factor authentication to secure online accounts, people are lazy and continue to make serious mistakes that jeopardize their privacy and security, a new report shows.

A new survey that delves into password selection shows an alarmingly high number of people reuse passwords across multiple accounts. If you are doing this, you should be aware that it only takes one security breach to put all of your accounts at risk. Hackers know that this is a common practice and will try the same stolen passwords at every popular online service in hopes of gaining easy access.

Read more
This new Windows 11 feature will help you protect your passwords
A man sits, using a laptop running the Windows 11 operating system.

The new Windows 11 22H2 update was just released, bringing an interesting security feature. Dubbed "Enhanced Phishing Protection," this feature was made to help users protect their Windows passwords a little bit better.

Enhanced Phishing Protection will warn users whenever they enter their Windows password in places where it's not needed. Here's how it works.

Read more