As easy as 123456!

Data security breaches have become commonplace over the last 10 years, so much so that as an industry we have almost become immune to them.


However, a recent study on password reuse carried out by a Turkish security researcher, Ata Hakcil, analysed over a billion credentials and found that "123456" was the most commonly used password!


That equates to 1 out of every 142 passwords on the internet with an occurrence of 7 million times in the analysed data set.


Some other mind-boggling and interesting stats from the research:


    • Out of 1 billion passwords, only 169 million were unique
    • The average password length was 9.48 characters
    • 29% only used letters
    • 13% only used numbers
    • The top 1000 passwords account for over 6% of all passwords




Interestingly, a large number of the passwords were found to have low entropy even though they appeared to be strong, which leads the researcher to believe that there may be a password manager out there producing low-entropy passwords by default.
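To see how figures like these are derived, here is an added example (not code from the research or its author) that computes the same kinds of statistics over a small constructed password list and flags passwords that look strong but have low entropy. The sample data, the function names and the "looks strong" thresholds (length of at least 10, at least 3 character classes, under 30 bits of Shannon entropy) are assumptions chosen for illustration.

```python
import math
import string
from collections import Counter

# Constructed sample for illustration; not data from the research.
SAMPLE = (["123456"] * 4 + ["password"] * 3 + ["qwerty"] * 2 + ["abc123"] * 2
          + ["Aa1!Aa1!Aa1!"] * 2
          + ["111111", "000000", "iloveyou", "dragon", "sunshine",
             "monkey12", "Xk9#mQ2$vL7p"])

def shannon_bits(pw):
    """Total Shannon entropy (bits) of the password's own character distribution."""
    n = len(pw)
    return -sum(c * math.log2(c / n) for c in Counter(pw).values())

def char_classes(pw):
    """Number of character classes present: lower, upper, digit, punctuation."""
    return sum([any(c.islower() for c in pw), any(c.isupper() for c in pw),
                any(c.isdigit() for c in pw),
                any(c in string.punctuation for c in pw)])

def audit(passwords, top_n=3, min_len=10, min_classes=3, max_bits=30.0):
    """Compute reuse and composition statistics for a list of passwords.

    min_len, min_classes and max_bits are assumed thresholds for the
    "looks strong but has low entropy" flag, not values from the research.
    """
    if not passwords:
        raise ValueError("empty password list")
    total = len(passwords)
    freq = Counter(passwords)
    top = freq.most_common(top_n)
    return {
        "total": total,
        "unique": len(freq),
        "avg_length": sum(map(len, passwords)) / total,
        "letters_only_pct": 100 * sum(p.isalpha() for p in passwords) / total,
        "digits_only_pct": 100 * sum(p.isdigit() for p in passwords) / total,
        "most_common": top[0],
        "top_n_share_pct": 100 * sum(count for _, count in top) / total,
        # Mixed-class, long passwords whose repeated characters keep entropy low.
        "looks_strong_low_entropy": sorted(
            p for p in freq
            if len(p) >= min_len and char_classes(p) >= min_classes
            and shannon_bits(p) < max_bits),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

In the sample, "Aa1!Aa1!Aa1!" satisfies a typical complexity policy yet carries only 24 bits by this measure, while the 12-character string with no repeated characters is not flagged.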


The full details of the research can be found at the following GitHub link:


Password Research


So the key takeaway is that if you are using 123456 as a password, you had better change it now!


Humans will continue to make poor choices when it comes to inventing new passwords, so my advice is:


    • Invest in a password manager
    • Use multi-factor authentication wherever possible for any online services




Above all, take the guessing game out of creating passwords so that you don't become the next victim of a data breach.

