Huge numbers of web users continue to put themselves at risk of having their accounts hacked by using extremely simple, very commonly used passwords that can easily be guessed by hackers or cyber criminals - or worse, simply plucked from databases of stolen information.
An analysis of the 100,000 most common passwords made public by data breaches and hacking campaigns suggests that huge swathes of people still don't understand the importance of having a strong password – or how to create one – using names, sports teams, bands and even just keys close together on the keyboard in an effort to secure their accounts.
The passwords have been compiled using information from global data breaches that is already in the public domain, having been leaked, shared or sold by hackers or cyber criminals on the dark web.
The full list has been created and shared by the UK's National Cyber Security Centre – the cyber arm of the GCHQ intelligence service – with the aim of encouraging users to create strong passwords to help protect their sensitive data.
By far the most commonly used password revealed in data breaches is '123456', with 23.2 million accounts using this common password – made up of the first six numerical keys across the top of a keyboard; 7.7 million users went the whole hog and used almost all the numerical keys, opting to use '123456789' as their password.
The rest of the top five most commonly used passwords are each used by over 3 million users who've fallen victim to data breaches – 'qwerty' appears 3.8m times, 'password' appears 3.6m times and '111111' appears 3.1 million times.
Many of the top 50 most used passwords – practically all of which are used by over half a million people – are based around simple ideas, such as being made up of a straightforward series of numbers, or the same number repeated six or seven times.
Passwords 'monkey', 'iloveyou' and 'dragon' are among the top 20 most used, while 'myspace1' is ranked 26th on the password list with 735,980 users choosing it as their password – it's likely that they selected this as their password for MySpace, even if many have long forgotten about their account on the early social network.
Names are also a common password theme, with hundreds of thousands of users just using their own name, or the name of someone close to them, as a password. 'ashley' and 'michael' are used by over 400,000 users each, with 'daniel', 'jessica' and 'charlie' each used over 300,000 times.
It's probable that these are the users' own names – meaning that if a hacker gets hold of an email address but no password, trying the victim's first name may be enough to break into the account.
Bands are also a common theme when it comes to users selecting simple passwords, with the password list detailing how 285,706 users opted for 'blink182' as their password – making the pop-punk band the most commonly chosen music-related password. '50cent', 'eminem', 'metallica' and 'slipknot' are each used over 140,000 times.
Sports teams are another common theme amongst the most regularly breached passwords. Liverpool wins the title of most used Premier League football team in passwords, with 280,723 users choosing 'liverpool' to lock their account.
The rest of the top five Premier League football teams among the most commonly breached passwords are 'chelsea', 'manutd', 'arsenal' and 'everton'.
People who use their favourite sports team's name as their password could easily find themselves the victim of a hack – many sports fans talk about their favourite team on social media, so it could be relatively easy for a cyber criminal to find this information on Twitter or Facebook and use it in an effort to crack the account.
A serious issue with these simple passwords is that it's highly likely that users are reusing them across multiple accounts – meaning that if their email address and password are exposed in a breach, they could easily be used to access other services they use, including social media and online shopping accounts.
"Using hard-to-guess passwords is a strong first step and experts recommend combining three random but memorable words. Try to be creative and use words memorable to you, so people can't guess your password."
The NCSC – which has released the password list ahead of its CYBERUK 2019 conference in Glasgow – suggests using three random words as a password.
The password list was created using breached usernames and passwords gathered on Have I Been Pwned, a website by security expert Troy Hunt which enables users to check if their email address appears in major data breaches.
"Making good password choices is the single biggest control consumers have over their own personal security posture. We typically haven't done a very good job of that either as individuals or as the organisations asking us to register with them," said Hunt.
"Recognising the passwords that are most likely to result in a successful account takeover is an important first step in helping people create a more secure online presence," he added.
The NCSC has published advice on what makes a good password and how all users can secure their accounts on the official NCSC website.
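The weak patterns described in this article (entries on the common-password list, repeated digits, keys close together on the keyboard, and the user's own name) can be screened for when an account is created. The following is an added example, not code from the NCSC or Have I Been Pwned; the function names are hypothetical and COMMON_PASSWORDS is a constructed sample of entries the article names, standing in for the full published list.

```python
import re

# Constructed sample: a few entries the article names. A real deployment would
# load the full published 100,000-entry list from a file instead.
COMMON_PASSWORDS = {
    "123456", "123456789", "qwerty", "password", "111111",
    "monkey", "iloveyou", "dragon", "myspace1", "ashley", "michael",
    "blink182", "liverpool", "chelsea", "arsenal",
}

KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_keyboard_run(pw: str, min_len: int = 5) -> bool:
    """True if the whole password is one run along a keyboard row, either direction."""
    if len(pw) < min_len:
        return False
    return any(pw in row or pw in row[::-1] for row in KEYBOARD_ROWS)


def weak_password_reasons(password: str, email: str = "", names: tuple = ()) -> list:
    """Return the reasons a candidate password should be rejected (empty list = passes)."""
    pw = password.strip().lower()
    reasons = []
    if pw in COMMON_PASSWORDS:
        reasons.append("on common-password list")
    if len(pw) >= 2 and len(set(pw)) == 1:
        reasons.append("single repeated character")
    if is_keyboard_run(pw):
        reasons.append("keyboard run")
    # Personal tokens: supplied names plus the part of the email before '@'.
    tokens = {n.lower() for n in names if n}
    local = email.split("@", 1)[0].lower()
    tokens.update(t for t in re.split(r"[^a-z]+", local) if len(t) >= 3)
    # Strip trailing digits/symbols so 'daniel1' still matches 'daniel'.
    core = re.sub(r"[^a-z]+$", "", pw)
    if core and core in tokens:
        reasons.append("based on the user's own name")
    return reasons
```

A password built from three unrelated words returns an empty list here, while a favourite team or band name is only caught if it appears on the loaded list, which is why the full list matters.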