The most used password revealed by analyzing over 1 billion credentials is '123456'

An analysis of over 1 billion credentials leaked due to hacking and other damage reveals that many people are using weak passwords.

GitHub-FlameOfIgnis/Pwdb-Public: A collection of all the data i could extract from 1 billion leaked credentials from internet.
https://github.com/FlameOfIgnis/Pwdb-Public

New analysis of one billion leaked credentials reveals that most people reuse weak passwords-TechSpot
https://www.techspot.com/news/85854-new-analysis-one-billion-leaked-credentials-reveals-most.html

One out of every 142 passwords is '123456' | ZDNet
https://www.zdnet.com/article/one-out-of-every-142-passwords-is-123456/

Leading IT companies like Google and Microsoft, and cybersecurity-related non-profit organizations like the National Cyber ​​Security Alliance are hoping to adopt passwordless login methods in the near future. It's unclear when this will happen, but in the meantime, users will still need to use passwords to protect their online accounts. And the key to keeping your account secure with this password is to set up a 'complex password' that makes it difficult for a third party to guess.

In the 'Worst Password Worst 100' published by security company SplashData, the password '123456' is selected as the 'most used worst password' every year. Although this type of password has the advantage that it can be easily remembered by the user, it can be said to be a dangerous password that can be easily guessed by a third party and the risk of data breach is high.

Worst password 2018 version, top is stable ``123456''-GIGAZINE

A recent analysis by Turkish student Ata Haksil, who attends the University of Cyprus, also reveals that many users are reusing 'weak passwords' that are easy to guess. When Mr. Haksil analyzed more than 1 billion user name and password combinations leaked due to data breaches that occurred in the past 10 years, there were 168,919,919 types of passwords used, of which '123456' Weak passwords are most commonly used, with 7 million being discovered.

In addition, Mr. Haksil uses 'a password with more than 10 characters with mixed uppercase and lowercase letters and numbers' as a highly secure password, and the number of corresponding passwords was only 40,000 out of 1 billion. I am.

According to the analysis, the average number of characters in a password is '9.4822' characters, 28.79% is a password with only letters, 26.16% is a password with only lowercase letters, 13.37% is a password with only numbers, and 34.41% is a password with a number at the end. In addition, only 8.83% of the 10 billion unique passwords were found to be unique. In other words, other passwords have been reused or have been covered with a third party.

The average number of characters in the 1 billion passwords analyzed this time is '9.4822' characters, but the National Institute of Standards and Technology recommends a password length of 8 characters or more, and the Federal Bureau of Investigation (FBI) has 15 or more characters. Is recommended.

In addition, although it is generally required to set a complicated password that includes uppercase letters and numbers, some security experts argue that 'no uppercase letters, numbers or symbols have any meaning'.

A password expert admits that the past theory was wrong that ``no uppercase letters, numbers or symbols had any meaning''-GIGAZINE

by Thomas Au