Password security is hitting new lows with each passing year and 2016 was no different. According to Keeper Security, the most popular password in 2016 was ‘123456’, a whopping 17% of the 10 million passwords analysed by the company. This was the same case in 2015 and it seems like the stupidity of internet users is at its peak, at least as far as password security is concerned.
As per Keeper Security’s findings the top 25 passwords of 2016 constitute over 50% of the 10 million passwords available on the public web. If the most popular password of 2016 wasn’t astonishing enough, the other nine in the Top 10 list provide no respite. The second position on the list was claimed by the abominable ‘123456789’, followed by ‘qwerty’ on number three. The list of 2016’s most popular passwords becomes more dismal as ‘12345678’ takes the fourth position, while ‘111111’ claims the fifth spot. You can see the entire list in the image below.
This state of password security is shameful in a day and age where hackers are increasingly using more sophisticated methods of cracking email and website security. In fact, 2016 may have been one of the biggest years for high profile hacks. Popular public figures who faced the wrath of hackers in 2016 range from Facebook CEO Mark Zuckerberg to Google Chief Sundar Pichai, Katy Perry to Channing Tatum, and even Ex US Presidential nominee Hillary Clinton.
Key individuals aside, hackers also targeted social media accounts of multinational organisations like Netflix and Disney. Although, those accounts were hacked just to apprise the companies of the sad state of their security measures. Perhaps one of the most prominent password breaches of 2016 was that of 1 billion Yahoo accounts, exposing the names, email addresses and passwords of Yahoo users.
Just in case it seems difficult to connect to these global examples, India also saw its share of celebrity hacks. A hacker group called Legion accessed Twitter and email accounts of Congress leader Rahul Gandhi, journalists Barkha Dutt, Ravish Kumar and disgraced business tycoon Vijay Mallya.
After all this, 2016 should have set a precedent for not using weak and rehashed passwords, instead netizens proved to be dumber than ever. Keeper Security notes, “The list of most-frequently used passwords has changed little over the past few years.. That means that user education has limits. While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.” The report goes on to state that Four of the top 10 passwords and seven of the top 15 on the list mentioned above, are six characters or shorter, making them easily accessible through brute-force cracking software and hardware that can unscramble those passwords in seconds. Protection against such reckless passwords is as much the onus of website providers as it is of users.
Spam emails are also to blame for some of the passwords on this list. According to Security expert Graham Cluley, the presence of seemingly random passwords such as “18atcskd2w” and “3rjs1la7qe” on the list indicates that bots are using these codes repeatedly, when they set up dummy accounts on public email services for spam and phishing attacks. “Email providers could do everyone a favor by flagging this kind of repetition and reporting the guilty parties,” notes the Keeper study.
Password novice? Here’s what you can do
So how can you save yourself from making the foolish choice of using a memorable, yet weak password? The basics of password security include the following -
- Never use the same password for multiple accounts
- Frequently change all your passwords
- Use a mix of letters, numbers and symbols
- Do not use personal information such as date of birth, family names, etc
- Enable 2-step verification wherever possible
- Never openly store your passwords on your smartphones or tablets
With this, we hope 2017 is a better year for password security. Remember, you may have nothing to hide, but that doesn’t mean you and your information is not vulnerable. A hacked password can result in many ugly situations including threats, financial losses and even blackmail. So be wise and go change your password right now!