Cybersecurity firm Keeper sifted through 10 million passwords that were made public through data breaches in 2016. Joining "123456" on the list are its sequential pals "1234567" and "12345678", as well as "qwerty" and "111111".

More than 50% of people use the top 25 most common passwords, according to password manager Keeper, with a significant 17% of users safeguarding their accounts with "123456".

There are some instances of randomised passwords in the list, but how common they are indicates use by a large botnet that deploys the same codes on the accounts it registers, reckons security commentator Graham Cluley.

It's a new year, which means we should be doing more to protect our security online - especially in the form of our passwords. The passwords "google" and "mynoob", however, were more clearly created by humans.

By "still", we mean that "123456" has remained at the top of the list since 2015, which more or less goes to show that most online users haven't taken cues from some of the biggest hacking cases that made the rounds online last year and victimized a few bigwigs in the tech world, such as Facebook CEO Mark Zuckerberg and Twitter head honcho Jack Dorsey, to name a few.

Meanwhile, the post said that the idea that password pasting allows brute-force attacks - where malicious software repeatedly guesses until it breaks the password - is true to some extent, but added that there were other ways to make guesses that are "just as easy for attackers to set up and are much faster at guessing".

If you're looking to change your password, specialists suggest using at least 12 characters, with mixed types - including letters, numbers and punctuation. Here are the top 15 passwords from that list, confirming that 123456 still remains bewilderingly popular. Website operators that permit such flimsy protection are either reckless or lazy. Dictionary-based password crackers can easily look for sequential key variations to crack the password.

This leaves the job of stopping users from hurting themselves to overworked IT administrators and website operators, they say. Email providers could do everyone a favor by flagging this kind of repetition and reporting the guilty parties.
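
As an added example (not from Keeper or the original article), here is a sign-up check a website operator could run to refuse the kinds of passwords described above: the ones named in the list, anything under 12 characters or without mixed types, repeated characters, and sequential key runs. The deny-list holds only the passwords quoted in this article; the function names, reason labels and the `MAX_RUN` threshold are assumptions.

```python
import re

# Constructed deny-list: only the passwords named in the article above.
COMMON = {"123456", "1234567", "12345678", "qwerty", "111111", "google", "mynoob"}
# Keyboard rows and digit/alphabet runs that a dictionary cracker tries first.
RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz"]
MIN_LENGTH = 12   # the article's suggested minimum
MAX_RUN = 4       # assumed threshold: longest sequential run tolerated
# The article's "mixed types": letters, numbers and punctuation.
TYPES = [r"[A-Za-z]", r"\d", r"[^A-Za-z0-9]"]


def longest_run(pw: str) -> int:
    """Longest substring of pw that lies along a keyboard row or a
    digit/alphabet sequence, read forwards or backwards."""
    low, best = pw.lower(), 0
    for row in RUNS:
        for seq in (row, row[::-1]):
            for i in range(len(low)):
                n = 0
                # Grow the match while low[i:i+n+1] still appears in seq.
                while i + n < len(low) and low[i:i + n + 1] in seq:
                    n += 1
                best = max(best, n)
    return best


def check_password(pw: str) -> list[str]:
    """Return the reasons to reject pw; an empty list means accept."""
    reasons = []
    if pw.lower() in COMMON:
        reasons.append("common")
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if not all(re.search(t, pw) for t in TYPES):
        reasons.append("few_types")
    if re.search(r"(.)\1{3,}", pw):          # e.g. "1111"
        reasons.append("repeated_char")
    if longest_run(pw) > MAX_RUN:            # e.g. "qwerty", "54321"
        reasons.append("keyboard_sequence")
    return reasons
```

A real deployment would swap the seven-entry set for a full list of breached passwords; the sequence and repetition checks catch variations that such a list misses.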