New analysis of passwords reveals too many that are easy to crack

Posted Apr 21, 2019 by Tim Sandle
How much have people learned from the high-profile hacking stories that seem to appear with increasing regulatory? Not so much if a new review of the simplicity of passwords is anything to go by.
The "Avalanche" network would be contacted by other criminal groups to send emails to cont...
The "Avalanche" network would be contacted by other criminal groups to send emails to containing malware to steal bank details and password
Thomas Coex, AFP/File
The review has been undertaken by the UK's National Cyber Security Centre (NCSC) and it looks at passwords in general and passwords in association with accounts that have been hacked. The key finding is that the password used by the majority of people who have had their on-line security compromised in someway is - 123456.
From its review of public databases, the NCSC found that the numerical sequence 123456 appears in more than 23 million passwords. Following this six digit run across the standard keyboard, the other common and easily hackable passwords were: "qwerty", "password" and 1111111.
Another common password is for a user to use their name or the name of someone they are close to. Here the name most often used to form a passwords was "Ashley". This is followed by "Michael", "Daniel", "Jessica" and "Charlie." Overall the use of names tallies with the most popular names that people are electing to call their new-born children.
Another common area for password naming was for people to use sports teams. Given the popular of soccer in the U.K., the most commonly used football club names are those from the Premier League, with "Liverpool" and "Chelsea" coming top. Another area is with bands. From the musical side, "Blink-182" takes top spot. "Superman" was the most popular fictional character. The Kyrptoninan was followed by "Naruto", "Tigger", "Pokemon" and "Batman".
Speaking with the BBC, Dr Ian Levy, technical director of the NCSC indicated that those who continue to use well-known words or names as a password are at a far higher chance of being hacked. Levy states: "Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band."
In terms of developing a stronger password, the NCSC recommends that on-line users should string three random but memorable words together in order to form a password that is harder to crack.