According to a recent report from a company called SplashData, it appears as though we are still seeing widespread usage of extremely obvious passwords such as "1,2,3,4,5, 6" (or a shorter combination) password, or even worse, general words like names and names of super heroes. Why are these worse you might ask, well because people wrongfully think they are safer and more secure when in fact they are much less secure. (More on that later though).
SpashData compiles the company's annual listing of the most popular passwords through a list of those leaked in high profile data breaches from the previous year. According to SplashData, the passwords evaluated for the 2014 list were mostly held by users in North America and Western Europe. In 2014, millions of passwords from Russian accounts were also leaked, but these passwords were not included in the analysis.
The top 25 list contains the following:
- 123456 (Unchanged from 2013)
- password (Unchanged)
- 12345 (Up 17)
- 12345678 (Down 1)
- qwerty (Down 1)
- 1234567890 (Unchanged)
- 1234 (Up 9)
- baseball (New)
- dragon (New)
- football (New)
- 1234567 (Down 4)
- monkey (Up 5)
- letmein (Up 1)
- abc123 (Down 9)
- 111111 (Down 8)
- mustang (New)
- access (New)
- shadow (Unchanged)
- master (New)
- michael (New)
- superman (New)
- 696969 (New)
- 123123 (Down 12)
- batman (New)
- trustno1 (Down 1)
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
For example, users should avoid a sequence such as “qwertyuiop,” which is the top row of letters on a standard keyboard, or “1qaz2wsx” which comprises the first two ‘columns’ of numbers and letters on a keyboard.
Other tips from a review of this year’s Worst Passwords List include:
- Don’t use a favorite sport as your password – “baseball” and “football” are in top 10, and “hockey,” “soccer” and “golfer” are in the top 100. Don’t use a favorite team either, as “yankees,” “eagles,” “steelers,” “rangers,” and “lakers” are all in the top 100.
- Don’t use your birthday or especially just your birth year -- 1989, 1990, 1991, and 1992 are all in the top 100.
- While baby name books are popular for naming children, don’t use them as sources for picking passwords. Common names such as “michael,” “jennifer,” “thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in the top 50.
SplashData offers three simple tips to be safer from hackers online:
1. Use passwords of eight characters or more with mixed types of characters.
2. Avoid using the same username/password combination for multiple websites.
3. Use a password manager to organize and protect passwords, generate random passwords, and automatically log into websites.