Doha: According to a study released by a leading cybersecurity firm, the top passwords used by netizens are so weak that it would take only a few seconds to crack them.
If you are using “123456” as your password, you are not alone. Nearly 17 percent of users worldwide are safeguarding their accounts with “123456”, one of the easiest passwords to crack.
Keeper Security, a cybersecurity company, scoured 10 million passwords that became public through data breaches that happened in 2016, and has put out a list of the most commonly used passwords.
'123456789' and 'qwerty' complete the top three passwords used by people worldwide.
The study also found that four of the top 10 passwords on the list are six characters or shorter.
The passwords '12345678', '111111', '1234567890', '1234567', 'password', '123123' and '987654321' were also among the top ten.
“Looking at the list of 2016’s most common passwords, we couldn’t stop shaking our heads. Nearly 17 percent of users are safeguarding their accounts with ‘123456.’ What really perplexed us is that so many website operators are not enforcing password security best practices,” Keeper Security said in their blog.
The list of most-frequently used passwords has changed little over the past few years. That means that user education has limits. While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.
Four of the top 10 passwords on the list – and seven of the top 15 – are six characters or shorter. This is stunning in light of the fact that today’s brute-force cracking software and hardware can unscramble those passwords in seconds. Website operators that permit such flimsy protection are either reckless or lazy.
The presence of passwords like “1q2w3e4r” and “123qwe” indicates that some users attempt to use unpredictable patterns to secure passwords, but their efforts are weak at best. Dictionary-based password crackers know to look for sequential key variations. At best, such patterns set them back only a few seconds.
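A sketch of the kind of check a website operator could run at registration to refuse the passwords discussed above. This is an added example, not code from Keeper Security or the study; the minimum length of 8 and all function names are assumptions, and the blocklist holds only the passwords named in this article. It goes beyond the list by also catching unlisted keyboard-walk variants.

```python
# Added example: server-side password screening at registration time.
MIN_LENGTH = 8  # assumed policy value, not a figure from the study

# Passwords named in the article (the top ten plus two keyboard patterns).
BLOCKLIST = {
    "123456", "123456789", "qwerty", "12345678", "111111", "1234567890",
    "1234567", "password", "123123", "987654321", "1q2w3e4r", "123qwe",
}

# Digit row, letter rows of a QWERTY keyboard, and the alphabet.
SEQUENCES = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "abcdefghijklmnopqrstuvwxyz")


def _is_run(s):
    """True if s is a 3+ character slice of one sequence, in either direction."""
    return len(s) >= 3 and any(s in q or s[::-1] in q for q in SEQUENCES)


def _made_of_runs(s):
    """True if s splits (greedily, longest first) into runs, e.g. '123' + 'qwe'."""
    i = 0
    while i < len(s):
        j = len(s)
        while j - i >= 3 and not _is_run(s[i:j]):
            j -= 1
        if j - i < 3:
            return False
        i = j
    return bool(s)


def is_predictable(p):
    """Detect repeats ('111111'), runs ('987654321'), interleaved runs ('1q2w3e4r')."""
    repeated = len(p) > 1 and p in (p + p)[1:-1]
    interleaved = _made_of_runs(p[0::2]) and _made_of_runs(p[1::2])
    return repeated or _made_of_runs(p) or interleaved


def check_password(password):
    """Return the reasons to reject a password; an empty list means accept."""
    p = password.lower()
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if p in BLOCKLIST:
        reasons.append("common")
    if is_predictable(p):
        reasons.append("pattern")
    return reasons
```

A production blocklist would be loaded from a much larger breached-password corpus; the pattern check is a heuristic and will miss some variants.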
Email providers don’t appear to be working all that hard to prevent the use of their services for spam. Security expert Graham Cluley believes that the presence of seemingly random passwords such as “18atcskd2w” and “3rjs1la7qe” on the list indicates that bots use these codes over and over when they set up dummy accounts on public email services for spam and phishing attacks. Email providers could do everyone a favor by flagging this kind of repetition and reporting the guilty parties.