Easily guessed passwords being used across multiple accounts have been highlighted as a major gap in the online security practices of UK internet users.
A survey by the National Cyber Security (NCSC) found that many British internet users did not know the best ways to protect themselves from cybercrime.
Only 15% said they knew “a great deal” about how to protect themselves from harmful activity online, while less than half said they always used a strong, separate password for their main email account.
The findings were released ahead of the NCSC’s CyberUK 2019 conference in Glasgow, which will be used to inform Government policy and the guidance it offers to business and the public.
Most common passwords globally
The research also included lists of the most commonly used passwords globally, highlighting the number of easily guessed log-ins still being widely used.
123456 was the most used, ahead of 123456789 and qwerty – the series of letters which appear in a line on a computer keyboard – the word password and 1111111.
NCSC technical director Dr Ian Levy said: “We understand that cybersecurity can feel daunting to a lot of people, but the National Cyber Security Centre has published lots of easily applicable advice to make you much less vulnerable.
“Password re-use is a major risk that can be avoided – nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band.
“Using hard-to-guess passwords is a strong first step and we recommend combining three random but memorable words. Be creative and use words memorable to you, so people can’t guess your password.”
Ashley was revealed to be the most common name used in a password, followed by Michael, Daniel, Jessica and Charlie.
Liverpool was the most common Premier League Football team used in a password, with Blink 182 the most common music act.
Security researcher Troy Hunt, whose website Have I Been Pwned allows users to check if any of their accounts have been compromised in cyber attacks by collecting data from those breaches – and helped compile the list, said internet users needed to be more creative in their approach to passwords.