UK National Cyber Security Centre Releases List of Worst Passwords

On the eve of the CYBERUK 2019 conference, which will take place in Glasgow this week, experts from the UK National Cyber Security Centre (NCSC) teamed up with Troy Hunt, creator of the data breach aggregator Have I Been Pwned, to once again draw public attention to the problem of weak passwords. To do this, they analyzed the 100,000 worst and most commonly used passwords collected from various sources by Have I Been Pwned.

The analysis showed that, unfortunately, users still very often use classic combinations like “123456” and “qwerty” as passwords, as well as the names of favorite sports teams, music bands, and so on. As a result, the researchers compiled the following list of the worst passwords:

• • 123456
  • 123456789
  • qwerty
  • password
  • 111111

“No one should protect important information using passwords that are easy to guess, such as your own name, the name of your local football team, or your favorite band,” writes NCSC Technical Director Ian Levy.

Experts remind users not to neglect two-factor authentication and password managers. They also point out that a strong password doesn’t have to be hard to remember. For example, the NCSC website has published recommendations for creating strong passwords, where specialists advise using combinations of three random words.