Most users still use weak passwords, NCSC report finds

News by Rene Millman

'123456' and 'Liverpool' among insecure passwords

Many people are still using very weak passwords, despite years of warnings against them, according to a new report.
According to the first UK Cyber Survey from the UK's National Cyber Security Centre (NCSC), the most commonly used password on breached accounts was "123456", used by 23.2 million accounts worldwide. This was ahead of "123456789", "qwerty", "password" and "1111111".
The polling was independently carried out on behalf of the National Cyber Security Centre (NCSC), a part of GCHQ, and the Department for Digital, Culture, Media and Sport (DCMS).
The findings, released ahead of the NCSC’s CYBERUK 2019 conference in Glasgow this week, will inform government policy and the guidance offered to organisations and the public. 
Liverpool was the most common Premier League football team used in a password, with Blink 182 the most common music act.
Ashley was discovered to be the most frequently used name in a password, followed by Michael, Daniel, Jessica and Charlie.
The NCSC also published a separate analysis of the 100,000 most commonly re-occurring passwords that have been accessed by third parties in global cyber breaches.
The survey also found that only 15 per cent of respondents said they know a great deal about how to protect themselves from harmful activity. The most regular concern is money being stolen – with 42 per cent feeling it likely to happen by 2021.
Dr. Ian Levy, NCSC technical director, said: "Using hard-to-guess passwords is a strong first step, and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can't guess your password."
"Password re-use is a major risk that can be avoided - nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band."
David Lidington, Chancellor of the Duchy of Lancaster and Minister for the Cabinet Office, added: "Given the growing global threat from cyber attacks, these findings underline the importance of using strong passwords at home and at work."
"This is a message we look forward to building on at CYBERUK 2019, an event that reaffirms our commitment to make Britain both the safest place in the world to be online and the best place to run a digital business." 
Rob Otto, EMEA CTO at Ping Identity, told SC Media UK that the findings of the National Cyber Security Centre survey are not surprising: with so many digital logins, people tend to resort to simplistic passwords to simplify the process.
"While in the past, advice was given to focus on shorter passwords with a mix of different character types, most security experts now agree that longer passwords are always better than short ones, regardless of which characters are included," he said.
"The advice to choose a unique passphrase comprising three or four memorable words is sound. With widespread smartphone adoption, a more secure option still is the use of Two Factor Authentication (2FA) to add an additional layer of protection beyond passwords."
