Users still rely on too simple passwords, says Keeper

Analysis reveals 123456 is most popular password, used in nearly one fifth of accounts

Tags: Keeper Security Inc (
  • E-Mail
Users still rely on too simple passwords, says Keeper Users are still relying on simple passwords such as 123456 or qwerty, according to Keeper.
By  Mark Sutton Published  January 16, 2017

End users are still selecting the simplest passwords, with ‘123456' the most popular password in 2016, according to security company Keeper.

The password management and digital vault company analysed over 10 million passwords that were made public by data breaches in 2016, and found that despite the efforts of the security industry, users still choose dangerously simple passwords.

123456 was chosen as a password by 17% of users, and variations of this featured in Keeper's top 25 list. ‘qwerty' was the third most popular password chosen, while ‘password' was eighth.

Seven of the top fifteen passwords are only six characters in length, making them highly vulnerable to brute-force hacking software, the company noted, while the top 25 passwords appeared so frequently that they accounted for half of the ten million leaked records.

"The list of most-frequently used passwords has changed little over the past few years," the company said in its blog. "That means that user education has limits. While it's important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them."

Some users may attempt to create more secure passwords by including letters selected sequentially from the keyboard, such as ‘1q2w3e4r' or ‘123qwe', but these are vulnerable to password cracking technology that are programmed to look for sequential key variations.

Keeper also noted that a number of seemingly random passwords appear in the top 25 most popular list such as ‘18atcskd2w' and ‘3rjs1la7qe', which security researchers believe are being used by bots when setting up dummy accounts on public email services for spam and phishing attacks.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code