Monday 21 October 2019

Revealed: The worst online passwords to have

Spy agency shares 100,000 most commonly used phrases to encourage stronger online security

‘More than 280,000 people use the word liverpool as their online password...’ Stock photo
‘More than 280,000 people use the word liverpool as their online password...’ Stock photo

James Cook

Britain's surveillance agency GCHQ has warned people to stop using 100,000 common passwords for their online accounts because it said the most common words were being shared on the internet by hackers.

The UK intelligence agency's National Cyber Security Centre (NCSC) division has published the 100,000 most commonly used passwords, which reveal that hundreds of thousands of people are using easy-to-guess passwords - such as the name of their favourite football team or band.

More than 280,000 people use "liverpool" as an online password, while more than 333,000 accounts use "superman". However the most common passwords are even simpler - such as "123456," which is used for 23.2m accounts, and "123456789," used for 7.7m accounts.

Hackers download lists of commonly used passwords and use them to try to break into online accounts.

The largest collection of stolen passwords and email addresses to date was posted online in December. The "Collection #1" database contained more than 21m unique passwords, and was distributed on hacking forums.

Dr Lukasz Olejnik, a cybersecurity expert, said predictable passwords were "easier to crack, making the life of cyber criminals easier".

The NCSC has also warned against using the same password for multiple online accounts. Dr Olejnik said reusing passwords was "like putting identical eggs in one basket".

The centre encourages people to use three random words as their passwords. However, Ciaran Martin, the head of the NCSC, said he would be unable to remember all of the complex passwords needed to be secure online.

"We worked out what we were asking everyone to do is memorise a new 600-digit number every month. I don't think I could do that. None of my best people could do that," he said.

The NCSC and security experts including Dr Olejnik recommend the use of password manager programmes and apps, which create strong passwords and then remember them. Dr Ian Levy, technical director of the NCSC, said: "Password managers can help with the burden of remembering lots of different passwords. Just remember to make your master password strong."

The GCHQ division also conducted a survey to find out how knowledgeable people are of online risks and cyber security.

Only 15pc of respondents said they knew "a great deal" about how to protect themselves from harmful cyber activity. The survey found 46pc of respondents said they felt that most information on how to be secure on the internet was confusing. Almost one in three people (30pc) said they expected to have money stolen through cyber crime in the next two years.


123456 -23.2 million uses

123456789 - 7.7 million uses

qwerty - 3.8 million uses

password - 3.6 million uses

1111111 - 3.1 million uses

12345678 -2.9 million uses

abc123 - 2.8 million uses

1234567 - 2.5 million uses

password1 - 2.4 million uses

12345 - 2.3 million uses

Today's news headlines, directly to your inbox every morning.

Editors Choice

Also in World News