Over 23 million breached accounts used ‘123456’ as password

Image of passwords from PAAC IT

An analysis of the 100,000 most-commonly re-occurring breached passwords confirms that ‘123456’ is the undisputed king of atrocious passwords.
Using data from Have I Been Pwned (HIBP), a website that allows users to check if their email addresses or passwords have appeared in a known data breach, the United Kingdom’s National Cyber Security Centre (NCSC) has found that 23.2 million user accounts worldwide were “secured” with ‘123456’. Its close, and similarly poor, relative, ‘123456789’, was used 7.7 million times, leaving the door just as wide open for cybercriminals. Other stalwarts among the most common passwords – ‘qwerty’, ‘password’ and ‘1111111’ – rounded out the top five.
And perhaps just as unsurprisingly, many of the most-hacked passwords were made up of names, soccer teams, musicians, and fictional characters. Some of the most popular choices each appeared in hundreds of thousands of passwords.

The NCSC made available the entire list of the 100,000 most commonly re-occurring passwords for breached user accounts. Overall, the NCSC’s findings may well bring echoes of other analyses of the most commonly re-occurring passwords. As ESET also reported late in 2018 and 12 months earlier, studies conducted annually by password security company SplashData produced very similar results.

At any rate, if any of your passwords appears on the NCSC’s list, you would be very well advised to change it post-haste, and perhaps use some of our guidance for picking passwords or passphrases that are both strong and unique. You can also use our how-to guide to check on HIBP if any of your online accounts may have been the victim of a known breach.

Setting up multi-factor authentication wherever possible will add an extra layer of security in exchange for very little effort. Read our guide on how to set this up.


Alongside the password risk list, the UK National Cyber Security Centre also published the results of its first ‘UK Cyber Survey’, which sought to find more about people’s awareness of, and attitudes towards, cybersecurity.

The survey, which gathered input from more than 2,500 people in the UK between November 2018 and January of this year, found that only 15% say they know “a great deal” about how to protect themselves from harmful cyber-activity. Most (68%) said that they know “a fair amount”.

More than two-thirds of the respondents believe that they will likely fall victim to at least one type of cybercrime over the next two years. The most prevalent concern was money being stolen, as 42% fear that this is likely to happen by 2021.

Talk to us to learn more about how to protect yourself online. Call on 01428 770 290 or message us here.

This article is courtesy of ESET We Live Security

About Us

We provide supportive leadership enabling our business community to succeed and prosper through effective use of IT and Technology. PAAC IT is an IT Company in Surrey offering small businesses the personal attention and care that their IT systems deserve. If your company has between 1 and 100 employees and need a IT Company in Surrey we would love to hear from you!

Find out more
"PAAC IT provide a managed service for our PCs on a fixed monthly charge. Really great, they are there when we need them"
Julia Macquisten - OwnerLucas Field Media
"PAAC-IT provide and maintain our Apple Macs and Macbook Pros. Richard and his team at PAAC IT are very prompt and responsive when we need help, and a pleasure to work with"
David Alden - DirectorAlden Holmes
"Our business is highly dependent on computer technology – all the way from design and creative software platforms to administration processes. PAAC-IT set up and configured our mix of PC and Apple computers, file servers and security software and now keep it running. The team at PAAC-IT is very competent and keep our IT running smoothly"
Edward Green - DirectorMilly Green
"I was having trouble making Skype calls to my son. Both Darren and Connor were extremely helpful and patient. They were so kind to get the computer in and out of the car for me - i couldn't have done this on my own as i am disabled"
Jane Nightingale
"On moving house we required help of PAAC to coordinate a tablet, PC and laptop with new security and email addresses and to ensure transfer of old contact details etc. Some of this work was undertaken by Darren in the Midhurst shop and some at our new address. Darren was professional and helpful with successful results. PAAC also followed up with care to ensure that all was well. "
A satisfied customer
"I have been dealing with PAAC IT, mostly in their Midhurst Office, but also in Haslemere, for the past three or four years. They clearly understand Macs and have given me good advice, and sorted out various issues for me. Things did go wrong with the network wireless adapters I had bought from them, but they were quick to ensure they were checked and replaced without a problem, and they followed up with me a month later to ensure all was OK. That’s good customer service!"
James Tree
"Dynamite, goes the extra yard every time, reliable and essential support to my business."
Lawrence MullenThe Talking Trade
"Good, dependable, brilliant, local"
Anneke Clegg
"I have been using the services of PAAC IT for over two years. During this time I have found the staff to be courteous, understanding, and very efficient. I have received first class service on each and every occasion – from keeping my ancient computer running, to advising and supplying a suitable replacement when it eventually crashed. All my transactions have been with the team in the Haslemere shop where Richard, Mark, Darren and Oliver have addressed my computer difficulties with great patience and kindness. To them I am eternally grateful."
Derek Smyth