17 January 2017

Predictable password still world’s most common

Businesses need to be taking the initiative and enforcing strong passwords

New research has done little to suggest people around the world are becoming more cyber aware, with predictable password 123456 still the most common.

Despite warnings from governments, corporates and commentators, and against a backdrop of major breaches, nearly 17 per cent of internet users are safeguarding accounts with the predictable password of 123456.

Findings put together by Keeper, which analysed in excess of ten million passwords available on the public web, suggested website operators are still not doing enough to encourage and enforce best practice when it comes to passwords.

Alongside 123456, other predictable password combinations such as 123456789, QWERTY and 111111 fill out the top five most common. Keeper revealed that the top 25 passwords of 2016 account for 50 per cent of the ten million passwords looked at.

Richard Lack, managing director in EMEA for Gigya, said the findings come as “no surprise”. “Consumers tell us that they are struggling to remember what is now an average of over 100 passwords in Europe,” he added.

“At a time when the number of devices we own is rising sharply, this frustration has relegated the registration process to being the most broken thing about the internet. The future lies in methods of authentication without passwords, which consumers clearly favour, both in terms of convenience and enhanced security.”

A survey conducted by Gigya found that 80 per cent of all consumers believe biometric authentication is more secure than traditional registration.

Despite attempts by some users to move away from predictable passwords, Keeper warned that dictionary-based password crackers know how to look for sequential key variations. Meanwhile, seemingly random passwords such as 18atcskd2w are an indication that bots are using these codes numerous times to set up dummy accounts on public email services so that spam and phishing attacks can be conducted.

For businesses concerned about how secure registration pages are for consumers, Keeper suggests stipulating a variety of characters (numerical, uppercase, lowercase and special characters) and avoidance of dictionary terms.
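As an added illustration (not code from Keeper or from this article), a registration-side check can combine Keeper's two suggestions with a denylist built from the top-25 list printed below and a detector for the sequential key variations mentioned above. The US QWERTY layout, the five-key threshold, the function names and the sample inputs are assumptions.

```python
import re

# Top-25 list as printed in this article (Keeper, 2016), used as a denylist.
COMMON = set("""123456 123456789 qwerty 12345678 111111 1234567890 1234567
password 123123 987654321 qwertyyuiop mynoob 123321 666666 18atcskd2w 7777777
1q2w3e4r 654321 555555 3rjs1la7qe google 1q2w3e4r5t 123qwe zxcvbn 1q2w3e""".split())

# Assumption: US QWERTY rows; adjacency is approximated on (row, column) indices.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}
MIN_WALK = 5  # assumed threshold: flag runs of five or more neighbouring keys
CLASSES = [r"[0-9]", r"[a-z]", r"[A-Z]", r"[^0-9a-zA-Z]"]


def longest_walk(pw):
    """Length of the longest run where each key is next to (or on) the previous one."""
    best = run = 0
    prev = None
    for ch in pw.lower():
        cur = POS.get(ch)
        adjacent = (cur is not None and prev is not None
                    and abs(cur[0] - prev[0]) <= 1 and abs(cur[1] - prev[1]) <= 1)
        run = run + 1 if adjacent else (1 if cur is not None else 0)
        best = max(best, run)
        prev = cur
    return best


def check_password(pw, dictionary=()):
    """Return the policy failures for a candidate password (empty list = accepted)."""
    low = pw.lower()
    problems = []
    if low in COMMON:
        problems.append("on common-password list")
    if longest_walk(pw) >= MIN_WALK:
        problems.append("keyboard walk or sequence")
    if any(len(word) >= 4 and word.lower() in low for word in dictionary):
        problems.append("contains dictionary term")
    if not all(re.search(cls, pw) for cls in CLASSES):
        problems.append("missing a character class")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs; "sunshine" stands in for a real word list.
    for candidate in ["123456", "Qwerty1!", "2w3e4r5t", "Sunshine#42", "v7#Rk!q2Lm@x"]:
        print(candidate, check_password(candidate, dictionary=["sunshine"]))
```

`Qwerty1!` satisfies the character-variety rule on its own and is rejected only by the walk check, which is why the two rules are applied together.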

While dictionary-based password crackers can guess passwords using lists of predictable password examples, it would take 4.825650839752918 to brute-force crack a randomly-generated 51-character password with letters, numbers and symbols.

25 most common and predictable password examples of 2016

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbn
  25. 1q2w3e




Hunter Ruthven was previously editor of Business Advice. He was also the editor of Real Business, the UK's most-read website for entrepreneurs and business leaders at the helm of growing SMEs.