Password management app company SplashData has recently released its annual list of the “Worst Passwords” for the year 2014. The list contains the 25 most commonly used online passwords compiled from more than 3.3 million leaked passwords during 2014 and thus represents the most commonly guessed and compromised passwords of the year.
If we needed any further proof that the average Joe Citizen just does not listen, “123456” and “password” continue to hold the top two spots that they have held each year since the first list was compiled in 2011. Four years on and the exact same two worst passwords are still being used predominantly, the mind boggles!
Here is the full list including positions relative to 2013:
|Rank||Password||Change from 2013|
SplashData’s list of frequently used passwords clearly shows that, despite all the warnings to the contrary, many people continue to needlessly put themselves at risk by using weak, easily guessable passwords.
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences.”
SplashData notes that favorite sports and sports teams also feature regularly in the top 100, as well as birth dates and popular pet and baby names – easy to remember but terrible passwords from a security point of view.
Splashdata finishes up its report by reiterating common advice to help keep users safe from hackers:
- Use passwords of eight characters or more with mixed types of characters.
- Avoid using the same username/password combination for multiple websites.
- Use a reputable password manager to organize and protect passwords, generate random passwords, and automatically log into websites.
Seriously folks, we know it can be a struggle to remember long, strong passwords but there are plenty of excellent password managers out there to help with this. I wonder why it is that, even in the face of so much evidence, so many people continue to use weak, ineffective passwords. Perhaps because of the “it will never happen to me” syndrome?