20 January, 2015
Computer users are not using stronger passwords, according to the annual list of the 25 worst passwords from SplashData. In the fourth annual report, compiled from more than 3.3 million leaked passwords during the year, “123456” and “password” continue to hold the top two spots that they have held each year since the first list in 2011. Other passwords in the top 10 include “qwerty,” “dragon,” and “football.”
Simple numerical passwords remain common, with nine of the top 25 passwords on the 2014 list comprised of numbers only. Passwords appearing for the first time on SplashData’s list include “696969” and “batman.” While Valentine’s Day is less than a month away, “iloveyou” is one of the nine passwords from 2013 to fall off the 2014 list.
“Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords and they are still not secure,” said Morgan Slain, CEO of SplashData.
For example, users should avoid a sequence such as “qwertyuiop,” which is the top row of letters on a standard keyboard, or “1qaz2wsx,” which comprises the first two ‘columns’ of numbers and letters on a keyboard.
Other tips from a review of this year’s Worst Passwords List include:
- Don’t use a favorite sport as your password – “baseball” and “football” are in the top 10, and “hockey,” “soccer” and “golfer” are in the top 100. Don’t use a favorite team either, as “yankees,” “eagles,” “steelers,” “rangers,” and “lakers” are all in the top 100.
- Don’t use your birthday or especially just your birth year — 1989, 1990, 1991, and 1992 are all in the top 100.
- While baby name books are popular for naming children, don’t use them as sources for picking passwords. Common names such as “michael,” “jennifer,” “thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in the top 50.
Also in the top 100 are swear words and phrases, hobbies, famous athletes, car brands, and film names.
SplashData collaborated with Mark Burnett, online security expert and author of “Perfect Passwords,” on the list. While people are still using bad passwords, there is some hope to be gleaned from the report. “The good news is that it appears that more people are moving away from using these passwords,” Burnett said. “In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”
The official 25 worst passwords of 2014:
1. 123456 (Unchanged from 2013)
2. password (Unchanged)
3. 12345 (Up 17)
4. 12345678 (Down 1)
5. qwerty (Down 1)
6. 1234567890 (Unchanged)
7. 1234 (Up 9)
8. baseball (New)
9. dragon (New)
10. football (New)
11. 1234567 (Down 4)
12. monkey (Up 5)
13. letmein (Up 1)
14. abc123 (Down 9)
15. 111111 (Down 8)
16. mustang (New)
17. access (New)
18. shadow (Unchanged)
19. master (New)
20. michael (New)
21. superman (New)
22. 696969 (New)
23. 123123 (Down 12)
24. batman (New)
25. trustno1 (Down 1)
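
For sites that want to reject these choices when a password is set, the three patterns the report calls out (entries on the list above, numbers-only passwords, and keyboard rows or columns such as “qwertyuiop” and “1qaz2wsx”) can be checked as follows. This is an added example, not code from SplashData or Mark Burnett; the function names are hypothetical and a US QWERTY layout is assumed.

```python
# Added example: screen a candidate password against the patterns in the article.
# Assumptions: US QWERTY layout; function and constant names are hypothetical.

# The 25 entries from the 2014 list above.
TOP_25_2014 = {
    "123456", "password", "12345", "12345678", "qwerty", "1234567890",
    "1234", "baseball", "dragon", "football", "1234567", "monkey",
    "letmein", "abc123", "111111", "mustang", "access", "shadow",
    "master", "michael", "superman", "696969", "123123", "batman",
    "trustno1",
}

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Read the keyboard top to bottom, one column at a time:
# "1qaz" + "2wsx" + "3edc" + ... so "1qaz2wsx" is a substring.
COLUMNS = "".join(row[i] for i in range(10) for row in ROWS if i < len(row))
WALKS = ROWS + [COLUMNS]
WALKS += [w[::-1] for w in WALKS]  # also catch right-to-left / bottom-up walks


def is_keyboard_walk(pw, min_len=4):
    """True if pw is a contiguous run along a keyboard row or column sequence."""
    p = pw.lower()
    return len(p) >= min_len and any(p in walk for walk in WALKS)


def screen_password(pw):
    """Return the list of reasons to reject pw; an empty list means no match.

    Only the three patterns from the article are checked; minimum length and
    breach-corpus lookups are separate policy checks and out of scope here.
    """
    reasons = []
    if pw.lower() in TOP_25_2014:
        reasons.append("on 2014 worst-25 list")
    if pw.isdigit():
        reasons.append("digits only")
    if is_keyboard_walk(pw):
        reasons.append("keyboard pattern")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs taken from passwords named in the article.
    for candidate in ["123456", "1qaz2wsx", "qwertyuiop", "batman", "1989"]:
        print(f"{candidate!r}: {screen_password(candidate) or 'no match'}")
```
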