As easy as 123456!
Data security breaches have become commonplace over the last 10 years, so much so that as an industry we have almost become immune to them.
However, a recent study on password reuse carried out by a Turkish security researcher, Ata Hakcil, found after analysing over a billion credentials that "123456" was the most commonly used password!
That equates to 1 out of every 142 passwords on the internet, with 7 million occurrences in the analysed data set.
Some other mind-boggling and interesting stats were revealed:
- Out of 1 billion passwords, only 169 million were unique
- The average password length was 9.48
- 29% only used letters
- 13% only used numbers
- The top 1000 passwords account for over 6% of all passwords
Interestingly, a large number of the passwords were found to have low entropy even though they appeared to be strong, which leads the researcher to believe that there may be a password manager out there producing low-entropy passwords by default.
The full details of the research can be found at the following GitHub link:
Password Research
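The same measurements can be run over a password list from your own audit. The Python below is an added example, not the researcher's code: `SAMPLE` is constructed data, and the function names, the per-character Shannon entropy metric and its thresholds are assumptions chosen for illustration.

```python
import math
from collections import Counter

# Constructed sample; stands in for the password list under audit.
SAMPLE = ["123456", "123456", "123456", "password", "qwerty", "iloveyou",
          "987654321", "Summer2019", "AAAA1111AA", "k9#Vt2!qLz"]


def shannon_bits_per_char(pw):
    """Shannon entropy (bits per character) of the symbols inside one password."""
    n = len(pw)
    return -sum(c / n * math.log2(c / n) for c in Counter(pw).values())


def audit(passwords, top_n=3):
    """Compute the reuse and composition figures the study reports."""
    total = len(passwords)
    freq = Counter(passwords)
    return {
        "total": total,
        "unique": len(freq),
        "avg_length": sum(map(len, passwords)) / total,
        "letters_only": sum(p.isalpha() for p in passwords) / total,
        "digits_only": sum(p.isdigit() for p in passwords) / total,
        # Share of all entries covered by the top_n most reused passwords.
        "top_n_share": sum(c for _, c in freq.most_common(top_n)) / total,
        "most_common": freq.most_common(1)[0],
    }


def looks_strong_but_low_entropy(pw, min_len=10, max_bits=1.5):
    """Flag passwords that pass a length and character-class policy
    but are built from only a few repeated symbols (assumed thresholds)."""
    classes = sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                   any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)])
    return (len(pw) >= min_len and classes >= 2
            and shannon_bits_per_char(pw) <= max_bits)


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
    for pw in sorted(set(SAMPLE)):
        if looks_strong_but_low_entropy(pw):
            print(f"low entropy despite mixed classes: {pw} "
                  f"({shannon_bits_per_char(pw):.2f} bits/char)")
```

In the sample, `AAAA1111AA` satisfies a typical "10 characters, upper case plus digits" policy yet scores under 1 bit per character, which is the kind of password the low-entropy finding describes.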
So the key takeaway is that if you are using 123456 as a password, you had better change it now!
Humans will continue to make poor choices when it comes to inventing new passwords, so my advice is:
- Invest in a password manager
- Use multi-factor authentication wherever possible for any online services