Millions Still Use Dangerously Simple Passwords, Study Reveals
A new analysis of 100 million breached passwords shows that despite repeated warnings, people continue to use incredibly weak credentials that put their personal data at severe risk.
Key Takeaways
- ‘123456’ found in over 6.6 million breached accounts
- Common names, sports teams, and celebrities remain popular password choices
- Experts urge immediate password changes and stronger security practices
Most Common Password Choices
Research from Peec AI analyzed data breaches from the past six years, revealing alarming patterns in password selection. The number sequence ‘123456’ appeared a staggering 6.6 million times, while the word ‘password’ itself was used nearly 950,000 times.
‘Considering the high volume of passwords leaked every year, along with the rise in scam and phishing reports, using obvious combinations like “123456” puts you and your personal information at high risk,’ said Malte Landwehr, CMO of Peec AI.
Popular Names and Figures in Passwords
The study categorized passwords into different types, with concerning results:
- Names: Michael (107,678), Daniel (99,399), Ashley (91,977)
- Celebrities: Blink-182 (84,545), 50 Cent (55,897), Eminem (43,344)
- Fictional Characters: Superman (86,937), Batman, Wall-e, Hello Kitty
- Sports: Liverpool, Chelsea, Barcelona among top football teams
How to Create Strong Passwords
Security experts recommend immediate action if your passwords match any common patterns.
‘You should aim for a password that is at least 12 characters long and include a combination of uppercase and lowercase letters, numbers, and special characters,’ advised Landwehr.
Key recommendations include:
- Avoid predictable sequences like “12345” or “qwerty”
- Don’t use personal information that’s publicly available
- Use different passwords for different accounts
- Consider using a password manager to generate and store complex passwords
Enable Multi-Factor Authentication
Beyond strong passwords, enabling multi-factor authentication (MFA) provides critical additional protection.
‘[MFA] adds an extra layer of protection by requiring a second method of verification,’ Landwehr explained. ‘With MFA in place, even if someone has your password, they won’t be able to access your account without that second layer.’
Experts particularly recommend MFA for email, banking, and social media accounts where sensitive personal information is stored.
