Wednesday, January 21, 2015

Study Shows People Still Haven't Learned Their Lesson When It Comes To Bad Passwords

Geeks everywhere know the risks associated with using weak, obvious or easily guessed passwords. However, despite the uptick in data breaches and the numerous warnings that followed, the general public still seems to remain totally oblivious to the risk!

According to a recent report from a company called SplashData, we are still seeing widespread use of extremely obvious passwords such as "123456" (or a shorter combination), "password", or, even worse, general words such as names and the names of superheroes. Why are these worse, you might ask? Because people wrongly think they are safer and more secure when in fact they are much less secure. (More on that later, though.)

SplashData compiles its annual list of the most popular passwords from those leaked in high-profile data breaches during the previous year. According to SplashData, the passwords evaluated for the 2014 list were mostly held by users in North America and Western Europe. In 2014, millions of passwords from Russian accounts were also leaked, but these passwords were not included in the analysis.

The top 25 list contains the following:
  1. 123456 (Unchanged from 2013)
  2. password (Unchanged)
  3. 12345 (Up 17)
  4. 12345678 (Down 1)
  5. qwerty (Down 1)
  6. 1234567890 (Unchanged)
  7. 1234 (Up 9)
  8. baseball (New)
  9. dragon (New)
  10. football (New)
  11. 1234567 (Down 4)
  12. monkey (Up 5)
  13. letmein (Up 1)
  14. abc123 (Down 9)
  15. 111111 (Down 8)
  16. mustang (New)
  17. access (New)
  18. shadow (Unchanged)
  19. master (New)
  20. michael (New)
  21. superman (New)
  22. 696969 (New)
  23. 123123 (Down 12)
  24. batman (New)
  25. trustno1 (Down 1)

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
For example, users should avoid a sequence such as “qwertyuiop,” which is the top row of letters on a standard keyboard, or “1qaz2wsx” which comprises the first two ‘columns’ of numbers and letters on a keyboard.

Other tips from a review of this year’s Worst Passwords List include:
  •   Don’t use a favorite sport as your password – “baseball” and “football” are in top 10, and “hockey,” “soccer” and “golfer” are in the top 100. Don’t use a favorite team either, as “yankees,” “eagles,” “steelers,” “rangers,” and “lakers” are all in the top 100.
  •   Don’t use your birthday or especially just your birth year -- 1989, 1990, 1991, and 1992 are all in the top 100.
  •   While baby name books are popular for naming children, don’t use them as sources for picking passwords. Common names such as “michael,” “jennifer,” “thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in the top 50.
Also in the top 100 are swear words and phrases, hobbies, famous athletes, car brands, and film names. None of these are truly secure, and none should be seen as viable passwords. Users get a false sense of security by switching from traditional number-only combinations to common words, something that puts your information at extreme risk! Brute-force hacking often works from a database, typically a large collection of words from the dictionary. Therefore it is best to avoid common words entirely and use a combination of letters, numbers and special characters.

SplashData offers three simple tips to be safer from hackers online:
1.    Use passwords of eight characters or more with mixed types of characters.
2.    Avoid using the same username/password combination for multiple websites.
3.    Use a password manager to organize and protect passwords, generate random passwords, and automatically log into websites.
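
A site can enforce this advice when a user chooses a password. The following Python check is an added example, not code from SplashData or from this post: it rejects entries on the top 25 list above, number-only passwords, and keyboard patterns such as "qwertyuiop" and "1qaz2wsx". The function names, the US QWERTY layout, the three-key minimum run and the two-character-type minimum are assumptions made for the example.

```python
import re

# Top 25 from the list above; a real deployment would load a much larger blocklist.
WORST_2014 = set("""123456 password 12345 12345678 qwerty 1234567890 1234 baseball
dragon football 1234567 monkey letmein abc123 111111 mustang access shadow master
michael superman 696969 123123 batman trustno1""".split())

# Keyboard rows and top-to-bottom columns (assumption: US QWERTY layout).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm", "8ik,", "9ol.", "0p;/"]
WALKS = [w for s in ROWS + COLS for w in (s, s[::-1])]  # both directions

def is_keyboard_walk(pw, min_run=3):
    """True if pw consists entirely of runs (>= min_run keys) along a row or column."""
    pw = pw.lower()
    # reachable[i] is True when pw[:i] can be split into keyboard runs
    reachable = [True] + [False] * len(pw)
    for i in range(len(pw)):
        if not reachable[i]:
            continue
        for j in range(i + min_run, len(pw) + 1):
            if any(pw[i:j] in walk for walk in WALKS):
                reachable[j] = True
            else:
                break  # a longer slice from i cannot match if this one does not
    return len(pw) >= min_run and reachable[len(pw)]

def password_problems(pw):
    """Return the reasons to reject pw; an empty list means it passed these checks."""
    problems = []
    if pw.lower() in WORST_2014:
        problems.append("on worst-passwords list")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if pw.isdigit():
        problems.append("numbers only")
    if is_keyboard_walk(pw):
        problems.append("keyboard pattern")
    # Assumption: "mixed types" means at least two of lower, upper, digit, symbol.
    kinds = sum(bool(re.search(p, pw)) for p in ("[a-z]", "[A-Z]", r"\d", "[^A-Za-z0-9]"))
    if kinds < 2:
        problems.append("only one character type")
    return problems
```

An empty result only means the password avoided these specific mistakes; "Password1" passes every check here, which is why a larger blocklist and randomly generated passwords from a password manager matter.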
