Google Says Hundreds of Thousands of Compromised Passwords Still in Use

When’s the last time you changed your passwords?



A team of researchers from Google has published a blog post confirming that an alarming number of people are still using basic passwords, and in many cases passwords that have already been compromised by a third party.


This is often the case for people who use the same password across multiple platforms, such as a social media site, a streaming service like Netflix or Spotify, or any other service they sign up to online. In recent months we’ve seen a number of hacks by malicious third parties who take troves of data and publish them either on the dark web or, in some cases, in publicly accessible databases for other hackers.


According to the published research, the majority of internet users re-use passwords across multiple sites and service providers, which leaves the individual extremely vulnerable: one site’s lack of security protocols can lead a hacker to the point where they can access your financial information.



"Outside the most popular websites, users are 2.5x more likely to reuse vulnerable passwords, putting their account at risk of hijacking."



The security blog comes courtesy of Google researchers Jennifer Pullman, Kurt Thomas and Elie Bursztein; you can access it here. The team put together an extension for the Chrome browser called Password Checkup, which is designed to warn the user if the password entered matches one of the 4 billion username and password combinations that Google knows to be compromised.


“Since our launch,” the researchers said in a release, “over 650,000 people have participated in our early experiment. In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe, 1.5% of sign-ins scanned by the extension.”

“Protecting accounts from credential stuffing attacks remains burdensome due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and identity providers remain in the dark as to which accounts require remediation,” the researchers said.


“Our research shows that users opt to reset 26% of the unsafe passwords flagged by the Password Checkup extension. Even better, 60% of new passwords are secure against guessing attacks, meaning it would take an attacker over a hundred million guesses before identifying the new password.”


“By design, the Password Checkup extension ensures that Google never learns your username or password, regardless of whether you enable telemetry, but we still want to provide this option if users would prefer not to share this information.”
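As an added illustration (not code from this page or from Google’s extension) of how a client can check a password against a breach corpus without handing the password itself to the server: the client reveals only a short prefix of the password’s hash and does the final comparison locally. This is the hash-prefix range query popularised by Have I Been Pwned, chosen here for simplicity; it is not the blinded protocol Google describes for Password Checkup. The corpus is constructed from the 25 passwords listed on this page.

```python
import hashlib

# Constructed sample corpus: the 25 most common passwords quoted on this page.
# A real breach corpus holds billions of entries; this one is only for illustration.
SAMPLE_BREACHED_PASSWORDS = [
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
    "welcome", "666666", "abc123", "football", "123123", "monkey",
    "654321", "!@#$%^&*", "charlie", "aa123456", "donald", "password1",
    "qwerty123",
]

PREFIX_LEN = 5  # hex characters of the hash the client reveals to the server


def password_hash(password: str) -> str:
    """Hash used only for matching against a breach corpus (not for storing passwords)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class BreachCorpus:
    """Server side: stores only hashes and answers hash-prefix range queries."""

    def __init__(self, passwords):
        self._hashes = {password_hash(p) for p in passwords}

    def suffixes_for_prefix(self, prefix: str) -> list:
        # Every stored hash sharing the prefix is returned, so the server
        # cannot tell which one (if any) the client actually holds.
        return sorted(h[PREFIX_LEN:] for h in self._hashes if h.startswith(prefix))


def is_compromised(password: str, corpus: BreachCorpus) -> bool:
    """Client side: sends only the prefix, compares the suffix locally."""
    digest = password_hash(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return suffix in corpus.suffixes_for_prefix(prefix)


if __name__ == "__main__":
    corpus = BreachCorpus(SAMPLE_BREACHED_PASSWORDS)
    for candidate in ("123456", "correct horse battery staple"):
        verdict = "compromised" if is_compromised(candidate, corpus) else "not in corpus"
        print(f"{candidate!r}: {verdict}")
```

The server only ever sees five hex characters, which many unrelated passwords share; the full hash and the plaintext never leave the client.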


Below, we’ve listed the 25 most common passwords, according to Equire; if you’ve made the list, please change your passwords now!




1. 123456
2. password
3. 123456789
4. 12345678
5. 12345
6. 111111
7. 1234567
8. sunshine
9. qwerty
10. iloveyou
11. princess
12. admin
13. welcome
14. 666666
15. abc123
16. football
17. 123123
18. monkey
19. 654321
20. !@#$%^&*
21. charlie
22. aa123456
23. donald
24. password1
25. qwerty123

© 2019 by Best Practice
