Your IT Consultant

Stop Using 123456 as a Password

July 6, 2020

Despite what some would want, we will still be using passwords for several more years. There is absolutely no excuse for the continued reuse of passwords or using weak ones. The bad news…123456 is used as a password once for every 142 passwords. Hot for Security revealed results of a recent analysis of over one billion usernames and passwords from corporate data breaches that were found online.

• 1 billion credentials were reduced to just 168,919,919 passwords and 393,386,953 usernames
• The most common password is 123456, covering around 7 million entries per billion
• The most common 1,000 passwords cover 6.607% of all passwords
• Average password length is only 9.4822 characters long
• Only 12.04% of analyzed passwords contained special characters
• 28.79% of passwords contain letters only
• 26.16% of passwords are lowercase only
• 13.37% of passwords are numbers only
• 34.41% of all passwords end with digits, but only 4.522% of all passwords start with a digits

Of all the passwords analyzed, only 8.83% were unique. The average password length was less than 10 characters too. The review also revealed that 53% of users haven't changed their password in over 12 months. I can understand why people don't really need to change their password unless it is part of a data breach, but with such poor password hygiene, passwords should be changed on a periodic basis.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com