UK Cybersecurity Office Warns Against Weak Passwords

Adam Jacobson


June 1, 2019

weak passwordsThe UK National Cyber Security Centre (NCSC) published its first UK Cyber Survey in April, the result of more than 2,500 phone interviews with members of the public over 16 years old. The study revealed that UK internet users still routinely choose inadequate, easy-to-guess passwords.

While number strings like “123456” and “123456789” and words like “qwerty” and “password” were the most commonly used and breached passwords, the NCSC also found that people in the UK frequently use names (“ashley” or “michael,” for example), musicians (“blink182” or “50cent”), their favorite Premier League soccer teams (“liverpool” or “chelsea”), or fictional characters (“superman” or “naruto”).

The NCSC released a searchable list of the top 100,000 most common passwords for accounts accessed in cyberbreaches, advising, “if you see a password that you use in this list, you should change it immediately.”

It also suggested choosing a password made up of three random words and recommended businesses implement a “passwords blacklist” to prevent employees from using common vulnerable passwords.

Adam Jacobson is associate editor of Risk Management.