'123456' the most common password, can be cracked in under a second: Study

The second and the third most popular passwords were "admin" and "12345678", used in about 4 million and 137,000 accounts, respectively, the study findings on the website show

The most common password was "123456" and a hacker would probably take less than a second to crack it, according to a study conducted by NordPass, a software company that helps users organise their passwords.

The password "123456" was held by about 45 lakhs accounts, the study found in partnership with independent experts specialising in researching cybersecurity incidents, according to the Panama-based company's website.

The second and the third most popular passwords were "admin" and "12345678", used in about 40 lakhs and 13.7 lakhs accounts, respectively, the study findings on the website show.

In India, the most common password was "123456", kept in around 3.6 lakhs accounts, followed by "admin", used in around 1.2 lakhs accounts, according to the website.

The research team analysed passwords from a 6.6 Terabyte-database, which were stolen by employing various stealer malware, such as Redline, Vidar, Taurus, Raccoon, Azorult, and Cryptbot, it said.

Malware logs included both passwords and the source website and the researchers' database included data from up to 35 countries.

The researchers classified the data into various verticals, which allowed them to perform a statistical analysis based on countries, NordPass's website said.

NordPass exclusively received only statistical information from the researchers, which gives no reference to internet users' personal data, it said.

Further, no personal data was acquired or purchased by NordPass to conduct this study, the website said.

"Streaming lovers seem to be strong password haters," NordPass said, referring to users who enjoyed streaming online content. The study found that compared to other popular websites, people choose the poorest credentials to secure accounts on this platform category.

The website also acknowledged "123456" to be the "world's worst password" as it was ranked the most common password 4 out of 5 times, while "Password" held this title once throughout the lifetime of the study.

NordPass quoted the researchers while saying that "while passwords are getting harder to breach due to rapidly evolving technologies, malware attacks are still seen as a prominent threat for account security."

The password manager company advised account holders to use complex passwords that were at least 20 characters long and included a mix of uppercase and lowercase letters, numbers and special symbols.

NordPass also asked password users to desist from reusing the same password across multiple websites or services, as compromising one account could risk the safety of all the other accounts.

Further, it called for a "regular" assessment of the passwords for their health and improving them for a "safer online experience", in addition to advocating the use of password managers such as itself.