Security

Our passwords still suck

You can probably guess what some of the most common passwords were in 2016 -- and hackers can too.

It seems that password security doesn't work.

Many of us rely on simple, easy-to-remember strings of characters and letters, including those found on your keyboard such as "1234567" or "qwertyu."

While these passwords are easy for you to remember, they're also no trouble for attackers using brute-force hacking techniques, or little more than a guess or two. Meaning hackers can easily compromise your online accounts and take over your digital identity.

Click to see the full list.

Keeper Security

Despite the growing availability of security features like two-factor authentication, it appears many people still haven't gotten the message about strong passwords.

The most common passwords used to protect our accounts haven't changed much over the past few years, and "123456" is still very much in existence, according to password management service Keeper Security.

The company scoured through 10 million passwords which became public domain during 2016 thanks to data breaches. Keeper Security found that almost 17 percent of people used "123456" to protect their accounts from intrusion, while "123456789," "qwerty" and "password" also made the list of 25 Most Common Passwords of 2016.

"We can criticize all we want about the chronic failure of users to employ strong passwords," Darren Guccione, CEO and co-founder of Keeper Security, said. "But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies. It isn't hard to do, but the list makes it clear that many still don't bother."

In total, four of the top 10 most common passwords were six characters or shorter. On average, it only takes seconds to brute-force hack these kinds of accounts. Allowing for such short passwords is the fault of online vendors and operators.

"While it's important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves," Guccione added. "IT administrators and website operators must do the job for them."

There is an interesting exception on the list: "18atcskd2w" was the No. 15 most common password discovered in the data. These accounts were created by bots designed to spread spam on online forums, according to security researcher Graham Cluley.

This story originally posted as "The worst passwords of 2016 are as lazy as ever" on ZDNet.

Life, disrupted: In Europe, millions of refugees are still searching for a safe place to settle. Tech should be part of the solution. But is it? CNET investigates.

Does the Mac still matter? Apple execs tell why the MacBook Pro was over four years in the making, and why we should care. Read about it here.