The most used password in Nigeria, 123456, can be compromised by hackers in matters of seconds, the nation’s cyber police has warned the internet community.

The warning by the Nigeria Computer Emergency Response Team (ngCERT) comes after a report revealed that “password” was the most used password worldwide in 2022, while “123456”, the second most used worldwide, topped the chart in Nigeria, according to a study by technology security firm, NordPass.

Following the outcome of the NordPass password study, Nigeria’s ngCERT is asking the nation’s internet community to observe strict password hygiene to safeguard against cyber criminals.

“The top three most commonly used passwords in Nigeria are 123456, 1982 and 12345678 – all of which will take a moderately-skilled hacker less than a second to compromise. The table below shows the top 10 most commonly used passwords in Nigeria and in all the 30 countries whose data was available,” ngCERT says.

“Research by Nordpass and a group of independent researchers has revealed the 200 most common passwords in 2022. The methodology used also allowed them to collect information based on country and gender. Discovery suggests that a lot of people around the world do not adhere to password hygiene rules,” according to the Nigerian cyber police.

ngCERT warns internet users that using a weak password makes it easier for an attacker to break into the user’s account. “For example,” the Nigerian cyber police says, “if the attacker breaks into an individual’s banking app, the attacker can steal money from the account. If it’s their social media account, the attacker can impersonate them and ask their contacts for financial assistance, or even lock them out of the account by changing the email address or password associated with the account. If the attacker gain’s access to their email account, s/he will be privy to personal information about the victim. If the compromised account is associated with work, it can be used to phish fellow employees or even launch a business email compromise (BEC) attack.”

As countermeasures, the Nigerian cyber police recommends these four key measures for users to observe healthy password hygiene to stay protected online:

1. Creating a password that’s long, complex and unpredictable. This means the password should be at least 12 characters long, be a combination of letters (both uppercase and lowercase), numbers and special characters (symbols), and something that’s not easily guessed.
2. The same password should not be reused across accounts; so if you’re using a particular password for your Facebook account, make sure you use a different one for your banking application, because once one account becomes compromised it means the attacker cannot use the same password to compromise your other accounts.
3. Change passwords periodically.
4. To simplify the processes above, use a password manager.

The list of passwords was collected as a result of exploration of a 3TB database by Nordpass and independent researchers that specialise in cybersecurity incidents, according to ngCERT.

Listed: Nigeria’s Top 10 most common passwords of 2022