Password management app company SplashData has recently released its annual list of the “Worst Passwords” for 2014. The list contains the 25 most commonly used online passwords, compiled from more than 3.3 million passwords leaked during 2014, and thus represents the most commonly guessed and compromised passwords of the year.
If we needed any further proof that the average Joe Citizen just does not listen, “123456” and “password” continue to hold the top two spots that they have held each year since the first list was compiled in 2011. Four years on, the exact same two worst passwords are still the most widely used. The mind boggles!
Here is the full list including positions relative to 2013:
| Rank | Password | Change from 2013 |
|---|---|---|
| 1 | 123456 | No Change |
| 2 | password | No Change |
| 3 | 12345 | Up 17 |
| 4 | 12345678 | Down 1 |
| 5 | qwerty | Down 1 |
| 6 | 123456789 | No Change |
| 7 | 1234 | Up 9 |
| 8 | baseball | New |
| 9 | dragon | New |
| 10 | football | New |
| 11 | 1234567 | Down 4 |
| 12 | monkey | Up 5 |
| 13 | letmein | Up 1 |
| 14 | abc123 | Down 9 |
| 15 | 111111 | Down 8 |
| 16 | mustang | New |
| 17 | access | New |
| 18 | shadow | Unchanged |
| 19 | master | New |
| 20 | michael | New |
| 21 | superman | New |
| 22 | 696969 | New |
| 23 | 123123 | Down 12 |
| 24 | batman | New |
| 25 | trustno1 | Down 1 |
SplashData’s list of frequently used passwords clearly shows that, despite all the warnings to the contrary, many people continue to needlessly put themselves at risk by using weak, easily guessable passwords.
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences.”
SplashData notes that favorite sports and sports teams also feature regularly in the top 100, as well as birth dates and popular pet and baby names – easy to remember but terrible passwords from a security point of view.
SplashData finishes up its report by reiterating common advice to help keep users safe from hackers:
- Use passwords of eight characters or more with mixed types of characters.
- Avoid using the same username/password combination for multiple websites.
- Use a reputable password manager to organize and protect passwords, generate random passwords, and automatically log into websites.
Seriously folks, we know it can be a struggle to remember long, strong passwords but there are plenty of excellent password managers out there to help with this. I wonder why it is that, even in the face of so much evidence, so many people continue to use weak, ineffective passwords. Perhaps because of the “it will never happen to me” syndrome?
Great article Jim, good to see those silly passwords highlighted and just goes to show how vulnerable people often leave themselves, even with the best technology in the world, it’s only as safe as its weakest password.
Unbelievable!
Do these people really think “123456” is a clever thing?!
Nobody would ever think of “123456”, right?
Or, how about “794613”? Look at your numeric keypad to see how inane this is. Even a caveman could figure this out (ya, I know I stole that) and he could do it without a computer. Heck! I could do it on my abacus!
Note: My ‘abacus’ is an external tool, not a physical attribute.
Doh,
Richard
I recently read a depressing article by Leo Notenboom saying that a mere 15% of his countless readers actually perform backups on a regular schedule. 25% responded with, “What is a backup?” How disappointing…
This is a terrible reflection of the goal I and many others have tried to accomplish over the years. Does no one listen? Are you all doomed to failure?
This same way of thinking will ultimately cause your simplistic passwords to self-destruct as well. Smarten up!
Creating wonderful, complex passwords may take time, yes. But time will pass anyway, so why not make good use of it if you plan to be on the very dangerous edge of the “Net”.
“An abysmal failure, I am.” ~ Yoda’s surrogate,
Richard
We used to have a password manager, but we tried to use the same email address for both of us when our computers were networked and it would not work. We tried to get some help from the company, but because it was free, they were no help. Is there one out there that is EASY to use? I don’t want it to do the dishes, just save passwords and create them for me. I keep looking at them and am willing to pay if they will be available for real live help.
I recommend LastPass. It is secure, free, unless you want auto-fill on mobile devices, and even the premium version is only $12 per year. You can share a master email / password with spouse / partner and it is easy to use. My wife took to it readily even though she is no computer expert. I have also found the support (via email) to be excellent, even for free version.
Password checkers such as https://howsecureismypassword.net/ are very odd!!
They do not seem to take into consideration the simple keyboards that we use. The qwerty ones.
I would have thought that a password comprising a progressive set of keys pressed one after another along the keyboard would be weak?
Try this using the bottom keys:
zxcvbnm,./
98 days to crack!
And if you then reverse back again a few keys:
zxcvbnm,./.,
Then it’s 546 years.
This combination of key presses would take most hackers less than one minute to crack.
I wonder why these “test your password” sites don’t realise that?
Who would use: qwertyuiop[] as a password?
Well it’s very safe.
Oh yes, using these keys is a 546 year task to hack?
I don’t think so.
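The screening that the article's advice and the keyboard-pattern comments above point to, as an added example (not SplashData's code or that of any password-checking site): it flags entries on the 2014 list, digit-only and short passwords, and same-row keyboard walks such as `zxcvbnm,./`. The US QWERTY layout, the 0.75 walk threshold and the function names are assumptions of this sketch.

```python
# Added example: screen a candidate password at registration or change time.

# The 25 passwords from the 2014 list in the table above.
WORST_2014 = set(
    "123456 password 12345 12345678 qwerty 123456789 1234 baseball dragon "
    "football 1234567 monkey letmein abc123 111111 mustang access shadow "
    "master michael superman 696969 123123 batman trustno1".split()
)

# Assumption: unshifted US QWERTY rows; other layouts need their own rows.
ROWS = ["`1234567890-=", "qwertyuiop[]\\", "asdfghjkl;'", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

WALK_THRESHOLD = 0.75  # assumed cut-off, tune against real data


def walk_fraction(pw):
    """Fraction of consecutive character pairs that are neighbouring keys
    on the same row, in either direction (so reversals still count)."""
    pw = pw.lower()
    if len(pw) < 2:
        return 0.0
    steps = 0
    for a, b in zip(pw, pw[1:]):
        if a in POS and b in POS:
            (row_a, col_a), (row_b, col_b) = POS[a], POS[b]
            if row_a == row_b and abs(col_a - col_b) == 1:
                steps += 1
    return steps / (len(pw) - 1)


def screen(pw):
    """Return the list of reasons to reject pw; an empty list means it passed."""
    reasons = []
    if pw.lower() in WORST_2014:
        reasons.append("on the 2014 worst-passwords list")
    if pw.isdigit():
        reasons.append("digits only")
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")
    if walk_fraction(pw) >= WALK_THRESHOLD:
        reasons.append("keyboard walk")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, including the strings quoted in the comments.
    for candidate in ["123456", "zxcvbnm,./.,", "qwertyuiop[]", "trustno1"]:
        print(candidate, "->", screen(candidate) or "passed")
```

A length-and-character-set estimate scores `zxcvbnm,./.,` well because it only counts characters; the walk check looks at key positions instead, so doubling back along the row does not help.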