Sunday 21 April 2019 1:16 pm

Millions use 123456 as a password, UK spy study finds

It’s 2019, but millions of Brits are still using simple passwords that could easily be hacked.

A survey carried out by the National Cyber Security Centre (NCSC) revealed more than 22m people across the UK used 123456 as a password, making it the most common password used for breached accounts.

Read more: Government urges businesses to ramp up cyber security

Millions of people also opt for easy-to-guess words such as “qwerty” and “password”, according the the study, which analysed accounts that had fallen victim to cyber security breaches.

The findings exposed huge gaps in cyber security knowledge, and the NCSC urged people to use three random words to create a secure password.

The most common name to be used in passwords was Ashley, which featured in more than 432,000 accounts, with Michael and Daniel following closely behind.

Liverpool was crowned champion among Premier League football teams, while Blink 182 and Superman were also common passwords.

Most used overall Names Premier League football teams Musicians Fictional characters
123456 (23.2m) ashley (432,276) liverpool (280,723) blink182 (285,706) superman (333,139)
123456789 (7.7m) michael (425,291) chelsea (216,677) 50cent (191,153) naruto (242,749)
qwerty (3.8m) daniel (368,227) arsenal (179,095) eminem (167,983) tigger (237,290)
password (3.6m) jessica (324,125) manutd (59,440) metallica (140,841) pokemon (226,947)
1111111 (3.1m) charlie (308,939) everton (46,619) slipknot (140,833) batman (203,116)

“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” said Dr Ian Levy, NCSC technical director.

“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”

The survey, which was published ahead of the NCSC’s cyber security conference in Glasgow this week, revealed just 15 per cent of people feel they know a great deal about how to protect themselves online, while 42 per cent expect to lose money to fraud.

Read more: A third of small businesses have no cyber security strategy

Web security expert Troy Hunt said: “Making good password choices is the single biggest control consumers have over their own personal security posture.

“Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence.”