Easily guessed passwords being used across multiple accounts have been highlighted as a major gap in the online security practices of Internet users.
A survey by the UK’s National Cyber Security Centre (NCSC) found that many British Internet users did not know the best ways to protect themselves from cybercrime.
Only 15% said they knew “a great deal” about how to protect themselves from harmful activity online, while less than half said they always used a strong, separate password for their main e-mail account.
The findings were released ahead of the NCSC’s CyberUK 2019 conference in Glasgow, which will be used to inform government policy and the guidance it offers to business and the public.
The research also included lists of the most commonly used passwords globally, highlighting the number of easily guessed logins still being widely used.
“123456” was the most used, ahead of “123456789” and “qwerty” — the series of letters which appear in a line on a computer keyboard — the word “password” and “1111111”.
NCSC technical director Ian Levy said: “We understand that cybersecurity can feel daunting to a lot of people, but the National Cyber Security Centre has published lots of easily applicable advice to make you much less vulnerable.
“Password re-use is a major risk that can be avoided — nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.”
‘Be creative’
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”
“Ashley” was revealed to be the most common name used in a password, followed by “Michael”, “Daniel”, “Jessica” and “Charlie”.
“Liverpool” was the most common Premier League Football team used in a password, with “Blink182” the most common music act.
Security researcher Troy Hunt, whose website Have I Been Pwned allows users to check if any of their accounts have been compromised in cyberattacks by collecting data from those breaches — he helped compile the list — said Internet users needed to be more creative in their approach to passwords.