This current list of the 25 worst passwords was compiled by the company SplashData. The company created a list by going through more than 3.3 million leaked passwords over the past year, with the vast majority of them coming from North America and Western Europe. The worst of the worst in passwords was “123456” which retained the top spot which it held in 2013 as well. This was followed by the password “password” which took second place, and “12345” which came in third place.
While there isn’t a good excuse for using the common passwords, people end up using them because they want something easy to remember so they don’t forget theirs. The result many times is keyboard patterns such as “123456” and “qwerty” which are easy to guess. Because these types of passwords are based on a keyboard pattern, they are weak. Hackers know these patterns, and they will be among the first they test when trying to break into an account. It really doesn’t matter how long the patterned sequence is, because it’s based on a pattern, it’s much weaker than a combination of non-patterned numbers and letters.
This year saw ten new passwords make their way into the top 25 most common in 2014 that weren’t there in 2013. This included people using their favorite sport as a password (baseball and football were new to the list, both making it into the top ten) and favorite superhero (batman and superman both made the list). Other themes found within the top 100 most common passwords included swear words, common baby names, famous athletes and movies.
There are a number of things you can do to protect your accounts with a quality password which are easy to implement:
Create a secure password
Create a password of 8 characters or more made up of numbers, letters and symbols. Avoid using common keyboard patterns, common words and publicly available information (your address or phone number)
Use a unique password for each account
Don’t use the same password for multiple accounts because if one password does get compromised, all your accounts are compromised, not just one.
Keep your password recovery options up-to-date
If you do forget your password or get locked out, you need a way to get back in. If you don’t have recovery options up to date, you may never get back in. Keeping an up-to date email with the recovery also may give you a heads up if one of your accounts has been compromised with a notice of a password being changed.
Below you’ll find the 25 Worst Passwords of 2014
1. 123456
2. password
3. 12345
4. 12345678
5. qwerty
6. 1234567890
7. 1234
8. baseball (New to top 25)
9. dragon (New to top 25)
10. football (New to top 25)
11. 1234567
12. monkey
13. letmein
14. abc123
15. 111111
16. mustang (New to top 25)
17. access (New to top 25)
18. shadow
19. master (New to top 25)
20. michael (New to top 25)
21. superman (New to top 25)
22. 696969 (New to top 25)
23. 123123
24. batman (New to top 25)
25. trustno1
(Photo courtesy of Dev.Arka)
People who use those types of passwords are just being lazy. Nobody ever thinks it’s going to happen to them, but it’s a pain in the ass when it does. There are going to be a lot of people who wished they had a stronger password after the fact.
I didn’t initially understand why “qwerty” was a bad password since it seemed obscure, until I looked at my keyboard. I also heard that you shouldn’t place a single number at the end of a word, especially a 1.
Here is one more
696969
Especially 6969 will let you in on most gated communities
The movie Spaceballs made fun of stupid passwords…. in 1987!
I use throwaway passwords (like these listed) on things I don’t care about, won’t ever see again, etc.
I also use extremely weak passwords in our internal lab.
Why? Because they’re things that don’t matter, or are otherwise inaccessible.
Passwords all suck anyway – even if you’re not using a “weak” one, they’re not that difficult to crack: because you don’t even need to get the right password, you just need to have a rainbow table to find another bit sequence that hashes to the same thing.