January 21, 2015
‘Password’ and ‘123456’ Still Commonly Used Passwords: Survey
Whether it is stupidity or laziness no one knows for sure — but a large number of Internet users continue to use easily-guessed passwords to safeguard their accounts.
The top two passwords — 123456 and password — have been on SplashData’s list of the worst and most commonly used passwords since the survey’s inception in 2011.
The fourth annual report, which is compiled from more than 3.3 million leaked passwords from North America and Western Europe in 2014, is filled with numerical passwords such as 1234 and 123456789. In fact, nine of the top 25 passwords on the 2014 list are made up of numbers only.
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” SplashData CEO Morgan Slain said. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
Here are the top 25 worst passwords of 2014:
| Rank | Password | Change from 2013 |
| 1 | 123456 | No Change |
| 2 | password | No Change |
| 3 | 12345 | Up 17 |
| 4 | 12345678 | Down 1 |
| 5 | qwerty | Down 1 |
| 6 | 123456789 | No Change |
| 7 | 1234 | Up 9 |
| 8 | baseball | New |
| 9 | dragon | New |
| 10 | football | New |
| 11 | 1234567 | Down 4 |
| 12 | monkey | Up 5 |
| 13 | letmein | Up 1 |
| 14 | abc123 | Down 9 |
| 15 | 111111 | Down 8 |
| 16 | mustang | New |
| 17 | access | New |
| 18 | shadow | Unchanged |
| 19 | master | New |
| 20 | michael | New |
| 21 | superman | New |
| 22 | 696969 | New |
| 23 | 123123 | Down 12 |
| 24 | batman | New |
| 25 | trustno1 | Down 1 |
SplashData suggests people avoid using letters or numbers in sequence, for instance using qwertyuiop — the top row of letters on a standard keyboard —is not a good idea. Simple passwords like football or baseball are also too easily guessed as are names of sports teams.
Using personal information like your first name or birthday is also a no-no. Swear words and phrases, hobbies, famous athletes, car brands, and film names are also a bad idea.
SplashData collaborated on the list this year with security expert and author Mark Burnett. Burnett said 2014’s most commonly used passwords are pretty consistent with past years.
“The good news is that it appears that more people are moving away from using these passwords,” he said. “In 2014, the top 25 passwords represented about 2.2 percent of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”
SplashData offers the following tips for choosing more secure passwords:
- Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”
- Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites as you do for online e-mail, social networking, and financial services. Use different passwords for each new website or service you sign up for.
- Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, but choose one with a strong track record of reliability and security.
Jennifer Cowan is the Managing Editor for SiteProNews.
123456 Replaces Password as the Worst Most-Used Password in 2013
New Deal Offers Password Security for Life