Friday, March 31, 2023

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming Webinars
    • On-Demand Webinars
  • Events
    • Upcoming Events
    • On-Demand Events
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
    • Techstrong.tv Podcast
    • TechstrongTV - Twitch
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Techstrong.tv Podcast
    • Techstrong.tv - Twitch
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
  • Media Kit
  • About Us
  • Sponsor

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Hot Topics
  • Noname Security Extends Reach of API Security Platform
  • Challenges of Securing the Modern Workforce
  • Post-Conference Tech Spec: Why Building Your Ship (Application) with Raw Materials is a Bad Idea
  • 3CX VoIP Desktop Application Supply Chain Attack
  • Cybersecurity Insights with Contrast CISO David Lindner | 3/31
Data Security Identity & Access SBN News Security Bloggers Network 

Home » Cybersecurity » Data Security » “123456” Remains the World’s Most Breached Password

SBN

“123456” Remains the World’s Most Breached Password

by David Bisson on April 22, 2019

“123456” remains the most common password which digital criminals abuse to steal unsuspecting users’ sensitive information.

TechStrong Con 2023Sponsorships Available

On 21 April, the United Kingdom’s National Cyber Security Centre (NCSC) partnered with security researcher Troy Hunt to publish the top 100,000 passwords from Hunt’s Pwned Password service. Here are the top 20 passwords from this list:

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 111111
  6. 12345678
  7. abc123
  8. 1234567
  9. password1
  10. 12345
  11. 1234567890
  12. 123123
  13. 000000
  14. iloveyou
  15. 1234
  16. 1q2w3e4r5t
  17. qwertyuiop
  18. 123
  19. monkey
  20. dragon

Overall, Pwned Passwords uncovered “123456” a whopping 23.2 million times across the breached data records it analyzed. This frequency dwarfed the second most-breached password, “123456789,” at 7.7 million instances. It also had nearly 20 million more occurrences than “qwerty,” the third most-compromised secret.

The NCSC isn’t the first entity to release a list of the most frequently breached passwords. In 2016 and 2017, for instance, SplashData released its own “Worst Passwords of the Year” list. Both of those publications found that “123456” topped all other combinations. They did differ from the NCSC’s resource, however, in that they found “password” to be the second most commonly exposed secret.

Dr. Ian Levy, NCSC Technical Director, feels that the list based on Pwned Passwords’ data highlights the risk of reusing passwords across multiple web accounts. That risk rises exponentially, he notes, when those secrets are easily guessable like “123456.” As he explains in a blog post:

We understand that cyber security can feel daunting to a lot of people, but the NCSC has published lots of easily applicable advice to make you much less vulnerable. Password re-use is a major risk that can be avoided – nobody should protect sensitive data with somethisng[sic] that can be guessed, like their first name, local football team or favourite band.

Acknowledging the threats of account takeover and (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/123456-remains-the-worlds-most-breached-password/

April 22, 2019April 22, 2019 David Bisson 123456, IT Security and Data Protection, Latest Security News, NCSC, Password
  • ← “A few Ghidra tips for IDA users, part 2 – strings and parameters”
  • WannaCry hero, Marcus Hutchins pleads guilty to malware charges; may face upto 10 years in prison →

Techstrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows
TSTV Podcast

Subscribe to our Newsletters

Most Read on the Boulevard

ChatGPT Less Convincing Than Human Social Engineers in Phishing Attacks
Should You Have Security Concerns When Partnering With a Third Party?
Business Email Compromise Threats Soar Past Phishing Risks
Survey Surfaces Need to Change SecOps Priorities
AI/ML’s Role in Software Supply Chain Security
USENIX Security ’22 – ‘QuORAM: A Quorum-Replicated Fault Tolerant ORAM Datastore’
🧪 Lit + WebR + Observable Plot: Linking Lit’s Lightweight Web Components And WebR For Vanilla JS Reactivity & JS DataVis
SANS First Look Report: Self-Supervised Learning Cybersecurity Platform for Threat Detection
How Ukraine’s Premier Electronics Retailer Ended Bot Attacks on its Digital Storefront
Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist

Upcoming Webinars

Apr 04

Key Strategies for a Secure and Productive Hybrid Workforce

April 4 @ 1:00 pm - 2:00 pm
Apr 05

Securing Kubernetes With SentinelOne and AWS

April 5 @ 1:00 pm - 2:00 pm
Apr 05

From Vulnerable to Invincible: The Five-Step Journey to Complete Cloud Security

April 5 @ 3:00 pm - 4:00 pm
Apr 12

The State of Cloud-Native Security 2023

April 12 @ 1:00 pm - 2:00 pm
Apr 13

Case Study: Improving Code Security With Continuous Software Modernization

April 13 @ 11:00 am - 12:00 pm
Apr 20

Lessons From a Live Hack: Secure Your Cloud From the Inside

April 20 @ 3:00 pm - 4:00 pm
Apr 24

Securing Open Source

April 24 @ 1:00 pm - 2:00 pm
May 03

https://webinars.securityboulevard.com/ciso-panel-tips-for-optimizing-cloud-native-security-stack-in-2023?utm_campaign=2023.05.03_Aqua_Webinar_SB&utm_source=BMRegister

May 3 @ 3:00 pm - 4:00 pm
May 22

Ransomware

May 22 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?
Analytics & Intelligence API Security Application Security Cloud Security Cyberlaw Cybersecurity Editorial Calendar Endpoint Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight IoT & ICS Security Malware Mobile Security Most Read This Week Network Security News Popular Post Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities Zero-Trust 

FINALLY! FCC Acts on SMS Scam-Spam — But Will It Work?

March 17, 2023 Richi Jennings | Mar 17 0
White House to Regulate Cloud Security: Good Luck With That
Analytics & Intelligence Application Security Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security DevOps Editorial Calendar Featured Governance, Risk & Compliance Humor Incident Response Industry Spotlight Malware Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Software Supply Chain Security Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

White House to Regulate Cloud Security: Good Luck With That

March 13, 2023 Richi Jennings | Mar 13 0
‘Extraordinary, Egregious’ Data Breach at House and Senate
Analytics & Intelligence API Security Application Security CISO Suite Cloud Security Cloud Security Cyberlaw Cybersecurity Data Security Editorial Calendar Featured Governance, Risk & Compliance Humor Identity & Access Identity and Access Management Incident Response Industry Spotlight Most Read This Week Network Security News Popular Post Ransomware Securing Open Source Security Awareness Security Boulevard (Original) Security Operations Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Extraordinary, Egregious’ Data Breach at House and Senate

March 10, 2023 Richi Jennings | Mar 10 0

Top Stories

Noname Security Extends Reach of API Security Platform
Application Security Cybersecurity Featured News Security Boulevard (Original) Spotlight Vulnerabilities 

Noname Security Extends Reach of API Security Platform

March 31, 2023 Michael Vizard | 2 hours ago 0
Elastic Unfurls Cloud Security Platform for AWS
Cloud Security Cybersecurity Featured Network Security News Security Boulevard (Original) Spotlight 

Elastic Unfurls Cloud Security Platform for AWS

March 31, 2023 Michael Vizard | 8 hours ago 0
Twitter Presses GitHub to Turn Over User Who Leaked Source Code
Cloud Security Cybersecurity Data Security Featured Incident Response Malware News Security Boulevard (Original) Social Engineering Spotlight Vulnerabilities 

Twitter Presses GitHub to Turn Over User Who Leaked Source Code

March 31, 2023 Teri Robinson | 8 hours ago 0

Security Humor

Randall Munroe’s XKCD ‘Qualifications’

Randall Munroe’s XKCD ‘Qualifications’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsor Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Digital CxO
  • Techstrong Research
  • Techstrong TV
  • Techstrong.tv Podcast
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
Powered by Techstrong Group
Copyright © 2023 Techstrong Group Inc. All rights reserved.