It’s something we’re all regularly warned against, but it seems that many of us are still using passwords that are incredibly easy to guess.
Experts from Peec AI have analysed 100 million passwords from data breaches over the last six years to reveal the most common words, phrases, and values.
Amazingly, ‘123456’ is the most popular number combination, featuring in 6,621,933 breached passwords.
‘Password’ also remains surprisingly common, featuring 946,935 times.
‘Considering the high volume of passwords leaked every year, along with the rise in scam and phishing reports, using obvious combinations like “123456”, which is used a staggering 6.6 million times, puts you and your personal information at high risk,’ said Malte Landwehr, CMO of Peec AI.
‘Nearly everything we use online, from banking and shopping to social media, requires a password (even if you primarily use Face ID on your phone).
‘As cybercriminals continue to target users, strong password security has never been more important.
‘Attackers often use dictionaries and lists of common passwords in their attempts to crack passwords, so it’s important to make yours as difficult as possible to guess.’
For the study, the team analysed data from a combination of global data breaches since 2019 – a total of 10 million passwords.
They then broke the passwords down into categories, including names, values, years, football teams, sports, and famous figures.
In the names category, Michael was the most common option, featuring in 107,678 of the 10 million passwords.
This was followed by Daniel (99,399), Ashley (91,977), Jessica (86,410), and Charlie (82,348).
For values, 123456 topped the list, while more than two million passwords featured the slightly longer 123456789.
Other common values included 123123 (666,404), 1234567 (730,840), and 111111 (968,155).
Among football teams, Liverpool, Chelsea, Barcelona, Arsenal, and Juventus were the most used, while for sports, football topped the list, followed by baseball and soccer.
Famous figures also remain popular for passwords.
Blink-182 was used in 84,545 passwords, along with 50 Cent (55,897), Eminem (43,344), and Justin Bieber (34,296).
Meanwhile, Superman (used 86,937 times) was the most popular fictional character for passwords, followed by Batman, Wall-E, Hello Kitty, and Spongebob.
If you use any of these words or numbers in your passwords, Mr Landwehr advises changing them immediately.
‘You should aim for a password that is at least 12 characters long, as long passwords are generally more secure, and include a combination of uppercase and lowercase letters, numbers, and special characters, such as ., !, @, #, $, %,’ he advised.
‘Also, try to mix up letters, numbers, and symbols that do not follow predictable patterns, such as “12345” or “qwerty”.
‘Hackers can easily guess personal information, such as names, birthdays, family members, pets, or hobbies that are publicly available, so it’s best to create passwords that don’t relate to you.’
The expert also advises using different passwords for different accounts.
‘If a hacker guesses your password on one platform, they will likely attempt it on all your other active platforms,’ he added.
‘It can be difficult to keep track of long, complex passwords – with special characters, uppercase letters, and more – but password managers can help.
‘They store (and even generate) secure passwords for each of your accounts, making it much easier to manage and remember multiple strong passwords.’
Finally, it’s best to enable multi-factor authentication (MFA) to keep cybercriminals at bay, according to Mr Landwehr.
‘[MFA] adds an extra layer of protection by requiring a second method of verification, such as a temporary code texted to your phone or a mobile authenticator app (such as Google Authenticator or Authy),’ he added.
‘With an MFA in place, even if someone has your password, they won’t be able to access your account without that second layer of verification – so make sure you use it especially for your email, bank, and social media accounts.’
