Users reuse passwords on massive scale despite warnings from experts, study shows

User names and passwords are still largely used for authentication, although security experts have doubts about their reliability, especially since users reuse them on a massive scale.

A study of some 1 billion accounts showed that 20 percent of users reuse passwords, while 27 percent use passwords almost 70 percent identical for their accounts, according to the Hasso Plattner Institut.

Following analysis of 31 data leaks available online, the research claims “123456”, “123456789”, “111111”, “qwerty”, and “12345678” are the most common passwords users have chosen, while others have used variations such as “pr1ncess”, “princess1” or “princ3ss” for multiple accounts.

Some major hacks made possible due to weak passwords include those on Yahoo!, LinkedIn, MySpace, VK and DailyMotion, as well as a number of retail and hotel chains and fast food restaurants.

“There is no complete protection against the theft of identities,” says HPI Director and co-author of the study Professor Christoph Meinel. “But if users do not change their password or use the same password for a variety of Internet services, they are unnecessarily exposed to an increased risk,” says Meinel. “Many users are unaware that criminals are making a lot of money with the trade of stolen identities and what harm they can cause.”

The institute advises internet users to regularly change their passwords, never reuse them and apply a combination of letters, numbers and special characters to build stronger passwords.