"Top 25 most commonly used passwords of 2016" announced: "123456", "qwerty" and other passwords that can be broken in a few seconds line up



The research team behind the password management application "Keeper" has analyzed 10 million passwords that leaked onto the web and announced "the top 25 most frequently used passwords of 2016". Easy passwords such as "123456", which simply enumerate numbers, are still in use as usual. The list also includes passwords such as "18atcskd2w", which had never ranked before and whose frequent use is puzzling at first glance, and Keeper also addresses the reason for this.

What the Most Common Passwords of 2016 List Reveals [Research Study] - Keeper Blog
https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/

According to Keeper's research team, 2016 was a "year of mass data leaks", and about 10 million leaked passwords were confirmed. Analyzing the most frequently used passwords in this data showed that 17% of all accounts used the password "123456". Although the number of data leaks is increasing year by year, many websites take no measures to make users enter passwords that are hard to crack, and Keeper is calling on website administrators to "take more responsibility for password security."

The top 25 most frequently used passwords of 2016 are as follows.

1: 123456
2: 123456789
3: qwerty
4: 12345678
5: 111111
6: 1234567890
7: 1234567
8: password
9: 123123
10: 987654321
11: qwertyuiop
12: mynoob
13: 123321
14: 666666
15: 18atcskd2w
16: 7777777
17: 1q2w3e4r
18: 654321
19: 555555
20: 3rjs1la7qe
21: google
22: 1q2w3e4r5t
23: 123qwe
24: zxcvbnm
25: 1q2w3e

The top three are the easy-to-guess passwords "123456" in 1st place, "123456789" in 2nd and "qwerty" in 3rd. Seven of the top 15 are passwords of 6 characters or fewer, and passwords of 6 characters or fewer are known to be crackable by a brute force attack within a few seconds. Keeper points out that websites that still have not introduced a mechanism to prevent users from entering a password that is too short or easy to guess are "reckless or lazy".

Some users do try to make their passwords hard to guess, as with "1q2w3e4r" in 17th place, "123qwe" in 23rd place and "zxcvbnm" in 24th place. However, passwords built on the keyboard layout like these are also covered by dictionary attacks, so they seem to do no more than delay a password cracker by a few seconds at most.
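The kind of signup-side mechanism described above can be sketched as follows. This is an added example, not code from Keeper or the original article: it rejects passwords that are too short, that appear in the top 25 list on this page, or that are mostly keyboard-layout runs. The function names, `MIN_LENGTH` and `WALK_THRESHOLD` are assumptions made for this sketch.

```python
# Added example: server-side password screening at signup or password change.
# TOP_25 is the ranking listed on this page; MIN_LENGTH and WALK_THRESHOLD
# are assumptions chosen for this example, not values from Keeper.
TOP_25 = set("""123456 123456789 qwerty 12345678 111111 1234567890 1234567
password 123123 987654321 qwertyuiop mynoob 123321 666666 18atcskd2w 7777777
1q2w3e4r 654321 555555 3rjs1la7qe google 1q2w3e4r5t 123qwe zxcvbnm
1q2w3e""".split())
MIN_LENGTH = 8
WALK_THRESHOLD = 0.75

# Grid position (row, column) of each key on a QWERTY layout.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

def _adjacent(x, y):
    """True if both characters are keys that touch (or are the same key)."""
    a, b = POS.get(x), POS.get(y)
    return (a is not None and b is not None
            and abs(a[0] - b[0]) <= 1 and abs(a[1] - b[1]) <= 1)

def keyboard_walk_ratio(pw, min_run=3):
    """Fraction of pw made of runs (>= min_run keys) of neighbouring keys."""
    pw = pw.lower()
    covered, run = 0, 1
    for i in range(1, len(pw) + 1):
        if i < len(pw) and _adjacent(pw[i - 1], pw[i]):
            run += 1
        else:
            if run >= min_run:
                covered += run
            run = 1
    return covered / len(pw) if pw else 0.0

def check_password(pw):
    """Return the reasons to reject pw; an empty list means it passes."""
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append("too short")
    if pw.lower() in TOP_25:
        reasons.append("on common-password list")
    if keyboard_walk_ratio(pw) >= WALK_THRESHOLD:
        reasons.append("keyboard pattern")
    return reasons

if __name__ == "__main__":
    for candidate in ["123456", "1q2w3e4r", "qazwsxedc", "18atcskd2w", "vT9#kLm2!xQz"]:
        print(candidate, "->", check_password(candidate) or "accepted")
```

The random-looking "18atcskd2w" passes the length and pattern checks and is caught only by the list lookup, which is why the list check cannot be replaced by pattern rules alone; a production blocklist would be far larger than 25 entries.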


According to security expert Graham Cluley, passwords that look random and hard to guess at first glance, such as "18atcskd2w" and "3rjs1la7qe", made the ranking because they appear to be passwords typed in over and over by bots creating dummy accounts for sending spam. "Mail providers can detect such flags and flag them," Cluley said.

The top 25 passwords account for more than half of the 10 million passwords used in the analysis. If you use one of these passwords, you should immediately change it to a strong one that is difficult to crack. Keeper lists the following three rules for keeping passwords from being hacked.

1: Use a variety of characters
The more a password combines different types of characters, such as numbers, uppercase letters, lowercase letters and special characters, the harder it is to break by brute force attack. In addition, a password combining 51 randomly generated letters, numbers and special characters is said to take about 5 years to break by brute force attack.

2: Do not use passwords that are on dictionary attack lists
A "dictionary attack" is an attack that registers simple, easy-to-guess passwords in a dictionary in order to make brute force attacks more efficient. All of the passwords in this top 25 ranking will presumably be registered in hacking dictionaries as well.

3: Use a password manager
"Weak passwords" are often used because "strong passwords" are difficult to memorize. Password managers like Keeper have a function that automatically generates strong, hard-to-guess passwords combining various characters. Even if you do not remember the generated password, you can keep it safely in the password manager.

By Alessandro Tortora

in Software, Web Service, Web Application, Security, Posted by darkhorse_log