Password research collective CynoSure Prime retrieved all but 116 passwords from a blacklist of 320 million passwords.

According to Sky News, the research team showed how at risk users can be if the services they use do not apply safe protections in encrypting their passwords.

The researchers found over 70% of passwords were created of just numbers and lowercase letters; very little used symbols and upper case characters.

Few passwords contained characters which required users to press the control key on their keyboard, and almost 97% of the passwords were 16 characters or shorter.

‘Enabling forms of authentication’

Partner in KPMG’s cyber security practice, Martijn Verbree, said: “Online consumer businesses getting hacked is becoming a common occurrence. When a primary email account is breached, whether it’s used for photo sharing platforms or social media accounts, all linked accounts are also breached, which has a huge impact on the consumer.

“These hacks can also compromise the user’s wider accounts. When an email account is breached, it opens up access to other non-linked accounts that use emails to validate password reset requests. Irrespective of using the same or different passwords, in this situation, the compromise is wider than just the primary account.

“It is clear passwords are the ‘weakest link’ and more needs to be done to enable other forms of authentication to prevent cyber breaches.”

Written by Leah Alger