According to the UK’s National Cyber Security Centre (NCSC) which analysed the passwords of accounts that have been hacked into, 123456 was the most commonly used password. In fact, it was used to hack into the accounts held by over 23 million people. The second most used password on hacked accounts was 12345678 followed by 111111.
Website users are also using their own names and the name of their sports teams or their children. Other popular passwords were Michael, Daniel, Jessica and Charlie, while Liverpool was used by 270,000 people whose account had later been hacked. Some websites have technology in place to recognise this and alert users to the fact that they need a stronger password. Names and favourite teams are often easy to find out online on Facebook, Instagram and Twitter.
It’s easy to see why people use these types of passwords – with seemingly everything done online, we all have so many passwords to remember and it can be easy to get locked out of bank accounts and email accounts.
Along with easy-to-hack passwords, security firm Norton has revealed that many people also use the same password across all of their accounts.
With this in mind, here’s how to choose a strong password:
- Don’t use personal information that is easily to discover on your social network.
- Don’t use a consecutive string of numbers. Use a random phrase or word with a mixture of uppercase and lowercase letters and symbols.
- Don’t use the same password across all your sites.
- Never share your passwords.
- Consider using an encrypted online password vault that will store all your passwords and allow you to access them from your devices. These are highly secure and it means you can choose complex passwords and only need to remember one to get into the vault. It will also autofill your websites once logged in, give complex password suggestions and alert you if you’ve used an easy to guess password, or something that contains personal information. It will also alert you if you have used the same password on another site. Try Lastpass, One Log In or The Vault.
If your account is hacked
If you think your account has been hacked, change your password immediately and if possible, see when the site was accessed and from where. Finally, make sure you protect tablets, smartphones and computers with a password, pin code or fingerprint so that if they are lost or stolen, whoever finds them can’t access your personal details and use these to guess your passwords.