This article is more than 1 year old

It's 2016 and idiots still use '123456' as their password

Just think how many of this lot are your own users...

Put your head in your hands, sysadmins: the usual weak suspects continue to make up the top 25 most-used passwords.

The ubiquitous “123456” remains the most popular password among web users, followed by “password” in a list of user credentials leaked online last year.

“Qwerty” appears in fourth place on the list of compromised credentials put together by password management outfit SplashData.

Further down the list “dragon”, “football” and “batman” all make their debuts as new entries.

Security experts warn that easy-to-remember passwords are increasingly easily guessed by potential attackers.

Matt Marx, an information security consultant at MWR InfoSecurity, said: “In order to crack users' passwords, researchers and attackers alike use powerful GPU password cracking rigs. The rig that MWR uses can perform over 20 billion guesses a second against Microsoft Windows password hashes. In fact, a user that had a password in the top 25 passwords would have their password guessed by such a rig in under a second.”

Web users need to mix things up.

Gavin Millard, technical director EMEA at security tools firm Tenable Network Security, commented: "Individual passwords should either be created using a recipe per site, an automated tool like a password manager or by using a suggested password by the browser.

"To reduce the risk of data loss, organisations need to enforce password best practices (length, strength, complexity), educate users on the importance of credential management, and roll out two factor authentication where applicable to ensure employees can’t use poor passwords on corporate resources," he added. ®
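
An added example (not from the article, MWR or Tenable): a password-change check that applies the 20 billion guesses per second figure quoted above for Windows password hashes. The denylist holds only the passwords the article names, and the one-year threshold and the alphabet estimate are assumptions chosen for illustration.

```python
import string

# Guess rate quoted in the article for MWR's rig against Windows password hashes.
GUESSES_PER_SECOND = 20_000_000_000

# Constructed sample denylist: only the passwords the article names.
# A real deployment would load a full breached-password list instead.
DENYLIST = ["123456", "password", "qwerty", "dragon", "football", "batman"]

# Character classes an exhaustive search has to cover once one member is used.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]

def alphabet_size(password):
    """Rough size of the character set a brute-force search must try."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    # Characters outside the four classes (space, non-ASCII) are counted singly.
    size += len({c for c in password if not any(c in cls for cls in CLASSES)})
    return size

def worst_case_seconds(password):
    """Seconds to try every candidate up to this length at the quoted rate."""
    k = alphabet_size(password)
    keyspace = sum(k ** n for n in range(1, len(password) + 1))
    return keyspace / GUESSES_PER_SECOND

def check_new_password(password, min_seconds=365 * 24 * 3600):
    """Return (accepted, reason). min_seconds is an assumed policy threshold."""
    lowered = password.lower()
    if lowered in DENYLIST:
        # A dictionary pass comes before brute force, so this falls at once.
        return False, f"common password (guess #{DENYLIST.index(lowered) + 1})"
    seconds = worst_case_seconds(password)
    reason = f"exhaustive search takes about {seconds:.3g} s at the quoted rate"
    return seconds >= min_seconds, reason

if __name__ == "__main__":
    for candidate in ["123456", "Dragon", "abcdefgh", "aB3$xY9!", "Tr0ub4dor&3x"]:
        accepted, reason = check_new_password(candidate)
        print(f"{candidate!r:16} {'accept' if accepted else 'reject'}: {reason}")
```

The eight-character cases show why length matters against a fast hash: lower-case only is exhausted in seconds and all four classes in days, while each added character multiplies the work by the alphabet size.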
