A new research paper has listed the top-ten least-secure passwords currently in use online, with "123456", "password" and "ninja" among the most frequently used.
Published by Lancaster University in collaboration with China's Fujian Normal University and Peking University, the study is based on a leaked Yahoo database of personal information. Researchers created an algorithm based on the leak to guess the passwords – and had a 73 per cent success rate.
"Why do [some] use such obvious passwords? A main reason I think is that they're either unaware of or don't understand the risks of online security," Lancaster University's Dr Jeff Yan told the Daily Mail.
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.
Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
"Just like everybody knows what one should do when red lights are on in the road, eventually everybody will know 123456 or the like is not a good password choice."
Another common choice was a combination of the user's name, age or birthday - information often released in a leak of this nature.
The top ten most commonly used passwords were:
123456
password
welcome
ninja
abc123
123456789
12345678
sunshine
princess
qwerty
Using any of these words put people at serious risk of security breaches, added the researchers.
-
The return to the stone age in house buildingUnder the Radar With brick building becoming ‘increasingly unsustainable’, could a reversion to stone be the future?
-
Rob Jetten: the centrist millennial set to be the Netherlands’ next prime ministerIn the Spotlight Jetten will also be the country’s first gay leader
-
Codeword: November 4, 2025The Week's daily codeword puzzle
-
Why Britain is struggling to stop the ransomware cyberattacksThe Explainer New business models have greatly lowered barriers to entry for criminal hackers
-
Who are the new-wave hackers bringing the world to a halt?The Explainer Individual groups and nations are beginning to form concerning partnerships with new ways to commit cybercrime
-
Jaguar Land Rover’s cyber bailoutTalking Point Should the government do more to protect business from the ‘cyber shockwave’?
-
Airplane crash-detection systems could be vulnerable to hackersUnder the Radar 'The idea scares the shit out of me,' one pilot said
-
Elon Musk's DOGE website has gotten off to a bad startIn the Spotlight The site was reportedly able to be edited by anyone when it first came online
-
The Internet Archive is under attackUnder the Radar The non-profit behind open access digital library was hit with both a data breach and a stream of DDoS attacks in one week
-
How cybercriminals are hacking into the heart of the US economySpeed Read Ransomware attacks have become a global epidemic, with more than $18.6bn paid in ransoms in 2020
-
Language-learning apps speak the right lingo for UK subscribersSpeed Read Locked-down Brits turn to online lessons as a new hobby and way to upskill
