94% of Leaked Passwords Are Repetitive or Non-Unique
Have you ever used passwords like "123456," "admin," or "password"? If so, you're certainly not alone — but you may have unknowingly put yourself and possibly your workplace at risk.
According to a recent report by Cybernews, a leading cybersecurity research and media outlet, only 6% of over 19 billion leaked passwords were considered unique and relatively secure.
The report, based on data from 200 information leak incidents over the past 12 months, reveals that most users still rely on weak, predictable, and repetitive passwords. The analysis examined factors such as password length, character composition, and the use of special characters or numbers.
Common Passwords: A Persistent Security Threat
Among the most frequently used passwords were "1234," "password," and "admin." For instance, "1234" appeared more than 727 million times in the leaked datasets, while "123456" was used in over 338 million cases. These simplistic combinations have remained among the most popular passwords since at least 2011.
A major reason for this trend is the continued use of default credentials in devices such as routers and modems, which often come preconfigured with "admin" as both the username and password. Many users — even in professional or industrial environments — fail to change these defaults.
Neringa Machiauskaite, an information security researcher at Cybernews, emphasizes that the use of default or simple passwords remains one of the most prevalent and persistent risks in cybersecurity.
A Global Crisis of Password Reuse
The study found that 94% of the passwords analyzed were duplicates or based on recurring patterns, while only 6% — approximately one billion entries — were truly unique. This troubling pattern leaves users highly vulnerable to dictionary attacks and automated brute-force attempts by malicious actors.
Password Choices Influenced by Names, Pop Culture, and Nature
Beyond numeric or common terms, many individuals use personal names like "Ana," which appeared in 178 million leaked passwords. Pop culture references such as "Mario," "Joker," and "Thor" were also widely used. Additionally, positive words like "love," "dream," and "freedom" showed up frequently.
Other popular password themes included country names, cities (e.g., "Rome"), animals (such as "lion" and "fox"), foods and drinks (e.g., "Apple," "Rice"), as well as seasons and calendar months.
Cybernews also found that 42% of the leaked passwords were between 8 and 10 characters long, with 8-character passwords being the most common. Furthermore, around 27% of users relied solely on lowercase letters and numbers, avoiding uppercase characters or special symbols altogether.
Recommendations for Enhancing Digital Security
To mitigate the risks associated with weak and reused passwords, Cybernews recommends the following best practices:
- Use a password manager: These tools generate, store, and auto-fill strong and unique passwords for each account.
- Create complex passwords: Passwords should be at least 12 characters long and include a mix of uppercase and lowercase letters, numbers, and special characters.
- Enable multi-factor authentication (MFA): Even if a password is compromised, MFA adds a critical layer of protection.
- Implement organizational password policies: Companies should require employees to use complex passwords that meet minimum security standards.
- Regularly audit access permissions and monitor data leaks: Continuous access reviews and real-time monitoring tools can help identify and respond to breaches swiftly.
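The length and composition rules from the recommendations above can be combined with a deny-list of the passwords and theme words the report names to form a check that runs when a password is set. This is an added example, not code from Cybernews or the article; the deny-list, the substitution table and the function names are constructed for illustration, and a production deny-list would be far larger.

```python
import re

MIN_LENGTH = 12  # minimum length from the recommendations
# Constructed deny-list: only the passwords and theme words the article names.
COMMON = {"1234", "123456", "password", "admin"}
THEMES = {"ana", "mario", "joker", "thor", "love", "dream", "freedom",
          "rome", "lion", "fox", "apple", "rice"}
# Undo common character substitutions so "P@ssw0rd" compares as "password".
LEET = str.maketrans("@4$5031!7", "aassoeiit")
CLASSES = {
    "uppercase letter": r"[A-Z]",
    "lowercase letter": r"[a-z]",
    "number": r"[0-9]",
    "special character": r"[^A-Za-z0-9]",
}

def base_word(password):
    """Strip leading/trailing digits and symbols, then undo substitutions."""
    stem = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password.lower())
    return stem.translate(LEET)

def audit(password):
    """Return the list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    if password.lower() in COMMON or base_word(password) in COMMON | THEMES:
        problems.append("built on a common or predictable word")
    return problems

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any leak.
    for candidate in ["admin", "mario2024", "P@ssw0rd123!", "t7#Qm!vR2x&Lp9"]:
        print(f"{candidate!r}: {audit(candidate) or 'ok'}")
```

A password such as "P@ssw0rd123!" meets the length and character-mix rules yet is still rejected, which is why the composition rules alone are not enough.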
Source: MedadPress
www.medadpress.ir
