New research suggests that millions of us are still taking the lazy option when it comes to creating a password to accompany user log-in details.

Presently, the password “123456” is the key of choice for many according to a National Cyber Security Centre (NCSC) study. It comes as small surprise that the predictable code was typically found attached to accounts breached by hackers.

The research, published ahead of the NCSC’s Cyber UK conference in Glasgow this week, was conducted as part of a wider investigation into reasons why computer users can be vulnerable to cyber-crime. The study explored public databases of compromised accounts to find out which words, word-chains and phrases were most popular.

Around 23 million passwords were revealed as 123456, while the second favourite was 123456789. Easy-to-guess words such as “Password” and “qwerty” also ranked highly as key codes of choice.

Michael, Charlie, Jessica, Daniel and Ashley were among the most popular names being used. Favourite football teams, such as Liverpool and Chelsea, also featured widely, while Blink-182 was one of the many band names used to protect user accounts.

The NCSC now recommends that individuals exercise more stringency when creating passwords, and has suggested that a string of three random words offers an easy and far more reliable alternative.

Technical director at the NCSC, Dr Ian Levy stated that hacking risks increase for those who choose to use familiar names or well-known terms.

“Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” he said.

User behaviours around online security also came into focus within the NCSC study. Just 15% of those surveyed said that they were confident about protecting themselves when using the internet. More alarmingly, 42% said that they expected to lose money to cyber-fraud.

Less than 50% of respondents in the research said that they used a unique password that was difficult to guess to protect their primary email account.

Australian web security expert, Troy Hunt, holds a database of hacked account information. Speaking on the BBC website, Mr Hunt said that selecting a strong password represented the “single biggest control” that users have when safeguarding their presence online.

“We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them,” he said.

Mr Hunt said that exposing the most popular passwords should serve as a good reminder to computer users of the importance of online security, and prompt them to think of more difficult passwords in future.


GDPR Summit Series is a global series of GDPR events which will help marketers to prepare to meet the requirements of the GDPR ahead of May 2018 and beyond. Further information and conference details are available at http://www.gdprsummit.london/