Millions of Folks Keep Choosing 123456
In a recent study by the UK National Cyber Security Centre (NCSC) – the brainy sidekick of GCHQ – we’re back at the midnight-feed: “Someone’s breaking into your account because you used 123456.” Turns out that password is chilling in more than 23 million accounts. The data shows that people are still playing the forgotten password game.
Top 5 Passwords – The “Classic” 9‑pack
- 123456 – 23 m+ users
- 123456789 – a close second
- qwerty – the classic keyboard crawl
- password – the broken‑egg of the internet
- 1111111 – who knew that’s a thing?
None of these are strong contenders for password strength. In fact, every one of them is practically a security “snack”—easy to crack.
Names Are the Biggie
The NCSC drilled down on names and found that “Ashley” popped up in 432,000 passwords, followed closely by Michael and Daniel. It’s a shame that so many users couch their credentials around their first name. Think of it as trading a free toaster instead of a protected lock.
What the Experts Are Saying
Dr Ian Levy, GCHQ’s tech lead, dropped this gem: “Password re‑use is a prime risk. Don’t protect sensitive data with something the world can guess (first name, local club, favourite band). Choose hard‑to‑guess passwords. Tip: Combine three random yet memorable words.”
Web security sage Troy Hunt added: “Good password choices are the biggest control you have over your online safety. Knowing which passwords get cracked first lets you act wisely.”
Time to flip that habit. If you’re still using 123456, consider swapping it for a strong, unique one. And for good measure—maybe scrap that embarrassing password for something that proves you’re not a walking dictionary of broken passwords.
