New research has done little to suggest people around the world are becoming more cyber aware, with predictable password 123456 still the most common.
Despite warnings from governments, corporates and commentators, and against a backdrop of major breaches, nearly 17 per cent of internet users are safeguarding accounts with the predictable password of 123456.
Findings put together by Keeper, which analysed in excess of ten million passwords available on the public web, suggested website operators are still not doing enough to encourage and enforce best practice when it comes to passwords.
Alongside 123456, other predictable password combinations such as 123456789, QWERTY and 111111 fill out the top five most common. Keeper revealed the top 25 passwords of 2016 equate to 50 per cent of the ten million passwords looked at.
Richard Lack, managing director in EMEA for Gigya, said the findings come as “no surprise”. “Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe,” he added.
“At a time when the number of devices we own is rising sharply, this frustration has relegated the registration process to being the most broken thing about the internet. The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security.”
A survey conducted by Gigya found that 80 per cent of all consumers believe biometric authentication is more secure than traditional registration.
Despite attempts by some users to move away from predictable password examples, Keeper warned that dictionary-based password crackers know how to look for sequential key variations. Meanwhile, seemingly random passwords such as 18atcskd2w are an indication that bots are using these codes numerous times to set up dummy accounts on public email services so spam and phishing attacks can be conducted.
For businesses concerned about how secure registration pages are for consumers, Keeper suggests stipulating a variety of characters (numerical, uppercase, lowercase and special characters) and avoidance of dictionary terms.
While dictionary-based password crackers can guess passwords using lists of predictable password examples, it would take 4.825650839752918 to brute-force crack a randomly-generated 51-character password with letters, numbers and symbols.
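A registration-side check for the rules Keeper suggests (character variety, no dictionary terms, no sequential key runs), as an added example that is not code from Keeper or this article. The blocklist and dictionary are small constructed samples, and the function names and the four-key run length are assumptions.

```python
import string

# Constructed sample lists (assumption): a real deployment loads far larger ones.
COMMON = {"123456", "123456789", "qwerty", "111111"}  # passwords named in the article
DICTIONARY = {"password", "welcome", "dragon", "monkey", "football"}
# Digit row, keyboard rows and the alphabet, used to spot sequential key variations.
SEQUENCES = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
             string.ascii_lowercase]


def has_sequence(pw, run=4):
    """True if pw contains `run` adjacent keys from a sequence, forward or reversed."""
    low = pw.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - run + 1):
                if s[i:i + run] in low:
                    return True
    return False


def check_password(pw):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    low = pw.lower()
    if low in COMMON:
        problems.append("common password")
    classes = (
        any(c.isdigit() for c in pw),
        any(c.isupper() for c in pw),
        any(c.islower() for c in pw),
        any(c in string.punctuation for c in pw),
    )
    if not all(classes):
        problems.append("missing character class")
    if has_sequence(pw):
        problems.append("keyboard or numeric sequence")
    if any(word in low for word in DICTIONARY):
        problems.append("dictionary term")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "QWERTY", "Dragon2016!", "t7#Kp2!mVq9&Lx"):
        print(candidate, "->", check_password(candidate) or "accepted")
```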
25 most common and predictable password examples of 2016