These are officially the worst passwords we're all still using

(Image credit: reklamlar)

Those constant warnings that passwords need to be strong seem to be falling on deaf ears, as the latest reports show most people still going for the same-old, easy-to-guess password combinations that we’ve all already seen.

Cybersecurity researchers from CyberNews recently analyzed 56 million passwords that were either breached, leaked, or made their way to the broader internet this year to determine any patterns. 

As it turns out, we still love to use the sequence “123456” for the password, as that’s by far the most common one out there with 111,417 instances. “Admin” is also quite a popular one, with almost 17,000 entries, followed by “root” and “guest”.

Celebrity names, swear words

According to the study, people love using different names in their login credentials. Names of popular football teams, personal names, celebrity names, and names of months and days, those have all been observed as frequently used. 

Users were also found to deploy swear words, with one particular profanity raking up almost 300,000 instances.

One of the problems with weak passwords is the fact that some products come with pre-set passwords, with the developers expecting the end-users to replace factory settings with their own passwords at their earliest convenience.

In many cases, this never happens, and many apps and endpoints end up with easy-to-guess passwords for extended periods of time. 

“It is important for customers not to rely solely on developers to protect their credentials and personal data by adopting new internet safety habits, starting with strong password generation and cybersecurity awareness,” said Mantas Sasnauskas, the Head of Security Research at Cybernews. “Due to many services being interconnected, even one leaked password could lead to many accesses, potential damages, and time-consuming recoveries.”

To eliminate this risk factor, most major tech companies these days are building solutions that aim to replace the password, such as Apple’s passkeys solution.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.