Web users are still using the same old insecure passwords, making it easier than ever for hackers to break into their accounts.
Having to remember passwords is one of the most irritating things about using the internet.
Despite constant warnings from cyber security experts about the importance of using complex, difficult-to-guess passwords, many still opt for convenience over security.
According to a new analysis of the passwords leaked in the recent Yahoo data breach, the most popular choices are still “123456” and “password”.
With “qwerty”, “abc123” and “welcome” also making it into the top 10, researchers from Lancaster University and Peking and Fujian Normal universities in China said choosing such simple passwords makes it easy for hackers to break into our accounts.
“Just like everybody knows what one should do when red lights are on in the road, eventually everybody will know 123456 or the like is not a good password choice.”
The ten most common passwords in the leaked Yahoo database were:
Aside from the ten most popular choices, the researchers said people often base their passwords on personal information such as names, ages and birthdays – all of which could make it easy for hackers to access their accounts.
They developed an algorithm that allowed them to correctly guess passwords for more than 73% of ordinary users’ accounts. Even for those who were more security-savvy, a third of passwords were cracked in 100 guesses.
If you’re using one of these common passwords, or think you need to step up your online security, check out these tips from cyber security firm Sophos about creating a secure password:
Do:
- Use a password phrase and make it relevant. If you’re joining a crossword site, think “knot my pencil” and write it something like this: Kn0tmyP3n$il
- Make it something you can visualize. It’s easier to remember that way.
- Make it more than 10 characters and include capitals, numbers and symbols
- The more personal the better. For a clothing retail site think “mY5orit3$hirt’sR3d” (my favorite shirt is red)
Don't:
- Use names: pets, businesses, family, friends, etc.
- Use letter or number patterns: 1234, abcd, etc.
- Use birthdays, addresses, postal or zip codes, even if you add a number or symbol
- Use less than 10 characters
- Store them locally or on the Internet
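For a site that wants to enforce the tips above at sign-up, the following is an added example (not code from the article, the researchers or Sophos) that checks a candidate password against them. The `personal` parameter, the four-character run length for patterns and the three-character minimum for personal details are assumptions made for the example.

```python
import re

# The five passwords the article names from the leaked list
# (the page does not give the full top ten).
COMMON = {"123456", "password", "qwerty", "abc123", "welcome"}
SEQUENCES = ("0123456789", "abcdefghijklmnopqrstuvwxyz")


def has_sequence(pw, run=4):
    """True if pw contains `run` consecutive ascending characters, e.g. 1234 or abcd."""
    low = pw.lower()
    return any(seq[i:i + run] in low
               for seq in SEQUENCES
               for i in range(len(seq) - run + 1))


def check_password(pw, personal=()):
    """Return the list of tips the password breaks; an empty list means it passes.

    `personal` is a hypothetical list of strings the site already holds about
    the user (names, birth year, postcode) that must not appear in the password.
    """
    problems = []
    low = pw.lower()
    if low in COMMON:
        problems.append("common password")
    if len(pw) <= 10:  # the tip asks for more than 10 characters
        problems.append("10 characters or fewer")
    if not re.search(r"[A-Z]", pw):
        problems.append("no capital letter")
    if not re.search(r"[0-9]", pw):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbol")
    if has_sequence(pw):
        problems.append("letter or number pattern")
    for item in personal:
        # Adding a number or symbol around a personal detail does not help,
        # so a substring match is enough to reject it.
        if len(item) >= 3 and item.lower() in low:
            problems.append("contains personal detail: " + item)
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Kn0tmyP3n$il"):
        print(candidate, "->", check_password(candidate) or "ok")
```

Passing these checks only shows that a password avoids the specific mistakes listed; it does not show the password is unused elsewhere or absent from other leaked lists.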