Being Hacked is as easy as 123456 when that’s your password

Do you want to be hacked? Chances are you will be if you persist on using one of the passwords listed on the latest most commonly used passwords list of 2017.

The annual list which is published by SplashData is created from more than five million passwords leaked by hackers. Taking the top spot for 2017 was (yet again) 123456, a password that a hacker can crack faster than you can blink.

From looking at the list, it’s clear that the message to use effective, hard to guess passwords still isn’t getting through!

The top ten most common passwords

The top ten list of the most commonly used passwords makes for some pretty frustrating reading for those of us working in the cybersecurity sector. Prepare to shake your head in despair;


What’s an effective password?

It’s not just individuals who are guilty of using weak passwords but entire organisations. Many companies allow multiple people access to their internal systems and in some cases social media accounts. To avoid confusion, they will often use a password that includes the company name followed by a number or symbol. These passwords are very easy to break and can leave organisations exposed to insider threats, vandalism and reputational damage.

As time has gone on the average person's digital footprint has grown massively and today most of us regularly use a wide number of different websites and online services; most of which require a password to sign in.

Sachin Bhatt, Head of Incident Response at CyberScore says; "There can sometimes be a misconception that creating a complex password can be secure. Users often substitute some letter with special characters, such as replacing "i" with "1" or "!". Cyber attackers know this and have developed techniques that can search for such substitutions to crack passwords. The problem with long, complex and random characterised passwords (such as "egiETG£$G1465yWphsoes^$£" is that they are all but impossible to remember requiring the user to store, often in a plain text file, or copy and paste them.

This again introduces another factor which an attacker can exploit to gain hold of your passwords. A better way, as advised by the National Cyber Security Centre (NCSC) is to create a secure password by increasing its length. You can choose to select random words which are memorable to you but together may not necessarily make sense or be used in common language, e.g. "brusselssproutsHumanitytorqueWrench". You can also add special characters or numbers if you wish so long as it is something you remember. You can also use password management tools that securely store passwords to keep them safe and help you to come up with secure ones.”

There could be consequences

Articles such as this aren’t meant to scare, but instead, raise awareness of the security issues faced by businesses on a daily basis. A real-world example of the consequences of an organisation falling foul of weak passwords is the recent fine handed out by the Information Commissioners Office (ICO).

On January 10th the ICO handed out one of its biggest ever fines to the Carphone Warehouse after hackers were able to gain unauthorised access to the personal information of company employees and millions of its customers. According to their report, hackers used valid login credentials to access the company computer system using out-of-date WordPress software. The final fine is expected to be around £400,000.

For smaller businesses, such a fine could prove devastating both financially and reputationally. The good news, however, is that the vast majority of these types of incidents can be avoided if we all take responsibility and use effective cyber hygiene.

For more advice on creating effective passwords visit

Want to learn more about how CyberScore™ can help secure your business? Visit our website at

Follow us on FacebookTwitter and LinkedIn