Billions of passwords for sale on the Dark Web – this one was used 7 million times

How tough are your passwords? Despite what you may think, the best password practices from 10 years ago won’t cut it today. If you share passwords across different websites, for example, it’s time to get busy changing them for the sake of your security.

The reason: An unprecedented wave of phishing and cybercrime is upon us, which makes stronger passwords an absolute must. Tap or click here to see how much stolen accounts and passwords are selling for on the Dark Web.

Creating a strong password isn’t too difficult. All you need is a clever combination of numbers and letters that are difficult to guess. But in spite of this, one of the most common passwords in the world doesn’t even bother following this format. It’s been used literally millions of times, and you won’t believe how obvious it is.

The results are in: Your password is terrible

A recent analysis of more than 1 billion leaked passwords revealed an uncomfortable truth: People continue to use (and reuse) poor passwords across the internet.

It’s all part of a new study performed by Turkish computer engineering student, Ata Hakçıl, who analyzed leaked account credentials included in several major data breaches.

What he found was extraordinary: Out of the more than 1 billion accounts, under 169 million unique passwords existed. Not only that, but a much, much more concerning statistic also appeared upon further examination. Out of the unique passwords, more than 7 million happened to be “123456.” Yes, really!

If we break it down statistically, one out of every 142 passwords from the sample was “123456.” This currently accounts for the most commonly reused password on the web for the past half-decade, and this study only backs up how standard it has become for so many.

Beyond that startling discovery, the research revealed several other key findings that show just how much trouble our online accounts are in if we don’t make a change:

• The most common 1,000 passwords cover 6.607% of all the passwords.
• Average password length is around nine characters.
• Only 12.04% of passwords contain special characters.
• 28.79% of passwords only contain letters.
• 26.16% of passwords only contain lowercase letters.
• 13.37% of passwords only contain numbers.
• 34.41% of all passwords end with numbers, but only 4.522% of all passwords start with them.

What can I do to make my passwords safer

If you’re feeling concerned about your own cybersecurity (or if you happen to have “123456” as your password somewhere online), you don’t have to panic. There are a few steps you can take to shape up your passwords and secure your accounts.

To get started, let’s check with the worst-ranked passwords of 2019. These passwords made the list because of how common and easily guessed they are, and if you have them on your accounts, that’s a red flag to change them immediately.

1. 123456
2. 123456789
3. qwerty
4. password
5. 1234567
6. 12345678
7. 12345
8. iloveyou
9. 111111
10. 123123
11. abc123
12. qwerty123
13. 1q2w3e4r
14. admin
15. qwertyuiop
16. 654321
17. 555555
18. lovely
19. 7777777
20. welcome
21. 888888
22. princess
23. dragon
24. password1
25. 123qwe
26. 666666
27. 1qaz2wsx
28. 333333
29. michael
30. sunshine
31. liverpool
32. 777777
33. 1q2w3e4r5t
34. donald
35. freedom
36. football
37. charlie
38. letmein
39. !@#$%^&*
40. secret
41. aa123456
42. 987654321
43. zxcvbnm
44. passw0rd
45. bailey
46. nothing
47. shadow
48. 121212
49. biteme
50. ginger

Once you start changing your passwords, install the Google Password Checkup extension to see how safe they are to use. This extension scours the web for known leaked password databases and matches yours up against them.

Tap or click here to discover Google’s Password Checkup extension.

Next, you’ll need to start setting up two-factor authentication for all of your accounts that offer the feature. This will prevent a hacker from going any further without physical access to your phone, which means they will have wasted money buying your account from the Dark Web in the first place. Tap or click here to see how to set up 2FA.

For even more protection, you should also consider using an encrypted password manager like our sponsor Roboform. Not only does Roboform store your passwords with secure encryption, but it can also generate stronger passwords for you that are less likely to get cracked.

Save 50% on RoboForm Everywhere and manage your passwords with ease and security when you use discount code KIM50 at checkout!

Somewhere out there, there’s a hacker hoping to use your weak passwords against you. A simple or goofy password may be easier to remember, but don’t forget that ease goes both ways. Why give them the chance?