Monthly Archives: April 2019

Millions using 123456 as password, security study finds

[Image: Jurgen Klopp and Jordan Henderson (copyright AFP). Caption: Liverpool FC topped the list of Premier League club names used as passwords.]

Millions of people are using easy-to-guess passwords on sensitive accounts, suggests a study.

The analysis by the UK’s National Cyber Security Centre (NCSC) found 123456 was the most widely-used password on breached accounts.

The study helped to uncover the gaps in cyber-knowledge that could leave people in danger of being exploited.

The NCSC said people should string three random but memorable words together to use as a strong password.

Sensitive data

For its first cyber-survey, the NCSC analysed public databases of breached accounts to see which words, phrases and strings people used.

Top of the list was 123456, appearing in more than 23 million passwords. The second-most popular string, 123456789, was not much harder to crack, while others in the top five included “qwerty”, “password” and 1111111.

The most common name to be used in passwords was Ashley, followed by Michael, Daniel, Jessica and Charlie.

When it comes to Premier League football teams in guessable passwords, Liverpool are champions and Chelsea are second. Blink-182 topped the charts of music acts.

People who use well-known words or names for a password put themselves at risk of being hacked, said Dr Ian Levy, technical director of the NCSC.

“Nobody should protect sensitive data with something that can be guessed, like their first name, local football team or favourite band,” he said.

Hard to guess

The NCSC study also quizzed people about their security habits and fears.

It found that 42% expected to lose money to online fraud and only 15% said they felt confident that they knew enough to protect themselves online.

It found that fewer than half of those questioned used a separate, hard-to-guess password for their main email account.

Security expert Troy Hunt, who maintains a database of hacked account data, said picking a good password was the “single biggest control” people had over their online security.

“We typically haven’t done a very good job of that either as individuals or as the organisations asking us to register with them,” he said.

Letting people know which passwords were widely used should drive users to make better choices, he said.

The survey was published ahead of the NCSC’s Cyber UK conference that will be held in Glasgow from 24-25 April.

Hacking ‘hero’ Marcus Hutchins pleads guilty to US malware charges

[Image: Marcus Hutchins (copyright Getty Images)]

A British man hailed as a hero for stopping a global cyber-attack that was threatening the NHS has pleaded guilty to US malware charges.

Marcus Hutchins, 24, has pleaded guilty to two charges related to writing malware – or malicious software – court documents show.

Writing on his website, Hutchins said he regretted his actions and accepted “full responsibility for my mistakes”.

Hutchins has been held in the US since he was arrested by the FBI in 2017.

“As you may be aware, I’ve pleaded guilty to two charges related to writing malware in the years prior to my career in security,” he wrote on his website.

“I regret these actions and accept full responsibility for my mistakes.

“Having grown up, I’ve since been using the same skills that I misused several years ago for constructive purposes. I will continue to devote my time to keeping people safe from malware attacks.”

Hutchins, from Ilfracombe in Devon, was credited with stopping the WannaCry malware which was threatening the NHS and other organisations in May 2017.

But he was arrested by FBI agents on 2 August 2017 at Las Vegas’s McCarran International Airport.

He had been attending the Def Con conference – one of the world’s biggest hacking and security gatherings.