As easy as 123456 !

Data security breaches have become common place over the last 10 years, so much so that as an industry we have almost become immune to them.

However a recent study carried out by a Turkish Security researcher, Ata Hakcil, on password reuse found after analysing over a billion credentials that "123456" was the most commonly used password!

That equates to 1 out of every 142 passwords on the internet with an occurrence of 7 million times in the analysed data set.

Some other mind boggling and interesting stats revealed that:

• Out of 1 Billion passwords only 169 million were unique

• The average password length was 9.48

• 29% only used letters

• 13% only used numbers

• The top 1000 passwords account for over 6% of all passwords

Interestingly a large of number of the passwords were found to have low entropy, even though they appeared to be strong passwords, which leads the researcher to believe that there may be a password manager out there producing passwords with low entropy as default.

The full details of the research can be found at the following Github link:

Password Research

So the key take away is that if you are using 123456 as a password you better change it now!

Humans will continue to make poor choices when it comes to inventing new passwords so my advice is:

• Invest in a password manager like Lastpass, Dashlane, KeePass or similar

• Use Multi Factor Authentication wherever possible for any online services 

Above all take the guessing game out of creating passwords so that you don't become the next victim of a data breach.