https://www.ncsc.gov.uk/blog-post/passwords-passwords-everywhere
Throughout our blogs and guidance, the NCSC have said how important it is to change your password policies (if necessary) to make it easier for users to choose 'good' ones. This includes using password blacklists (that is, making sure your users can't choose any passwords commonly found in data breaches), something that the National Institute of Standards and Technology (NIST) also recommend.

Today, in collaboration with Troy Hunt, we're releasing a file containing the top 100,000 passwords from his Have I Been Pwned data set. If you see a password that you use in this list, you should change it immediately. This blog explains why you should do this, and answers some common questions about password blacklists.

Why is password re-use a problem?

Password re-use is still a major risk for individuals and companies. The password '123456' has been found 23 million times in the breaches that Troy's collected. You might think that choosing a more complex password such as 'oreocookie' is better, but even that has been seen over 3,000 times.