Over 23 million breached accounts used ‘123456’ as password


An analysis of the 100,000 most-commonly re-occurring breached passwords confirms that ‘123456’ is the undisputed king of atrocious passwords.
Using data from Have I Been Pwned (HIBP), a website that allows users to check if their email addresses or passwords have appeared in a known data breach, the United Kingdom’s National Cyber Security Centre (NCSC) has found that 23.2 million user accounts worldwide were “secured” with ‘123456’. Its close, and similarly poor, relative, ‘123456789’, was used 7.7 million times, leaving the door just as wide open for cybercriminals. Other stalwarts among the most common passwords – ‘qwerty’, ‘password’ and ‘1111111’ – rounded out the top five.
And perhaps just as unsurprisingly, many of the most-hacked passwords were made up of names, soccer teams, musicians, and fictional characters. Some of the most popular choices each appeared in hundreds of thousands of passwords.

The NCSC made available the entire list of the 100,000 most commonly re-occurring passwords for breached user accounts. Overall, the NCSC’s findings may well bring echoes of other analyses of the most commonly re-occurring passwords. As ESET also reported late in 2018 and 12 months earlier, studies conducted annually by password security company SplashData produced very similar results.

At any rate, if any of your passwords appears on the NCSC’s list, you would be very well advised to change it post-haste, and perhaps use some of our guidance for picking passwords or passphrases that are both strong and unique. You can also use our how-to guide to check on HIBP whether any of your online accounts may have been exposed in a known breach.

Setting up multi-factor authentication wherever possible will add an extra layer of security in exchange for very little effort. Read our guide on how to set this up.


Alongside the password risk list, the UK National Cyber Security Centre also published the results of its first ‘UK Cyber Survey’, which sought to find out more about people’s awareness of, and attitudes towards, cybersecurity.

The survey, which gathered input from more than 2,500 people in the UK between November 2018 and January of this year, found that only 15% say they know “a great deal” about how to protect themselves from harmful cyber-activity. Most (68%) said that they know “a fair amount”.

More than two-thirds of the respondents believe that they will likely fall victim to at least one type of cybercrime over the next two years. The most prevalent concern was money being stolen, as 42% fear that this is likely to happen by 2021.


This article is courtesy of ESET We Live Security
