
‘Worst Passwords of 2014’: Your password probably still stinks

SplashData found that the top 25 worst passwords continue to look much the same as they did in the past three years.

SplashData’s list is a good reminder that you should change your password. (iStockphoto)

There has been a ton of digital ink spilled in the last few years — including on this website — dedicated to influencing Internet users to change or strengthen their passwords.

It doesn’t look like people are taking that message very seriously.

Password management company SplashData released its annual “Worst Passwords of 2014” list Tuesday, with the top two passwords — “123456” and “password” — holding the same spots as they did in 2011, 2012 and 2013.

Simple numerical passwords — “12345,” “111111,” “123123” — make up nine of the top 25, with “12345” actually growing in popularity, jumping 17 spots to come in third on this year’s list.

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” Morgan Slain, CEO of SplashData, said in a statement. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords and they are still not secure.”

For the list, SplashData teamed with online security expert Mark Burnett to review the top 100 most frequently used passwords from more than 3.3 million passwords leaked from users in North America and Western Europe in the past year.

Among those passwords were simple words or numbers that bad actors could crack with minimal effort. Sports teams (“yankees,” “eagles,” “steelers,” “lakers”), birth years (“1988,” “1989,” “1990”) and common names (“jennifer,” “thomas,” “andrew”) were all in the top 100. When FedScoop ran these passwords through the “How Secure is my Password?” website, it said the passwords would be hacked “instantly.”

While Burnett said the list is “frightening,” there are positives: The top 25 passwords represented only 2.2 percent of those exposed last year.

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” Burnett said. “The good news is that it appears that more people are moving away from using these passwords.”

While the passwords leaked for this study come from Internet users as a whole, the research comes at a time when those at the top levels of the federal government could use a cybersecurity refresher. Earlier Tuesday, Politico posted a scathing story detailing the lack of cybersecurity knowledge on Capitol Hill, including offices sharing passwords for social media accounts and storing password directories on shared Google Work documents.

As always, SplashData has a few tips for how to create and keep a secure password: Use passwords with eight or more mixed (letters, numbers, symbols) characters and avoid using the same one for multiple sites. Also, consider one of the many password managers that are available for free.

The top 25 worst passwords of 2014 are below. If you use one of these passwords, change it immediately.

  1. 123456 (Unchanged from 2013)
  2. password (Unchanged)
  3. 12345 (Up 17)
  4. 12345678 (Down 1)
  5. qwerty (Down 1)
  6. 1234567890 (Unchanged)
  7. 1234 (Up 9)
  8. baseball (New)
  9. dragon (New)
  10. football (New)
  11. 1234567 (Down 4)
  12. monkey (Up 5)
  13. letmein (Up 1)
  14. abc123 (Down 9)
  15. 111111 (Down 8)
  16. mustang (New)
  17. access (New)
  18. shadow (Unchanged)
  19. master (New)
  20. michael (New)
  21. superman (New)
  22. 696969 (New)
  23. 123123 (Down 12)
  24. batman (New)
  25. trustno1 (Down 1)
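
For anyone enforcing this advice at account creation, here is a screening check built from the list and tips above. It is an added example, not code from SplashData or this article. The function names, the run length and pattern threshold, and the reading of "mixed" as requiring letters, numbers and symbols together are assumptions.

```python
import re

# Top 25 from the SplashData list reproduced in this article.
WORST_2014 = frozenset(
    "123456 password 12345 12345678 qwerty 1234567890 1234 baseball dragon "
    "football 1234567 monkey letmein abc123 111111 mustang access shadow "
    "master michael superman 696969 123123 batman trustno1".split()
)
# Keyboard rows plus the alphabet; walks along these count as "patterns".
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "abcdefghijklmnopqrstuvwxyz")
MIN_LENGTH = 8      # "eight or more" per the tips above
MIN_RUN = 3         # assumption: 3+ repeated/adjacent keys form a pattern
MAX_PATTERN = 0.5   # assumption: reject if over half the password is pattern


def _adjacent(a, b):
    """True if b is the same key as a, or its neighbour in some row."""
    return a == b or any(a in r and b in r and abs(r.index(a) - r.index(b)) == 1
                         for r in ROWS)


def pattern_fraction(password):
    """Fraction of characters inside runs of repeated or adjacent keys."""
    s = password.lower()
    covered, start = 0, 0
    for i in range(1, len(s) + 1):
        if i == len(s) or not _adjacent(s[i - 1], s[i]):
            if i - start >= MIN_RUN:      # close the current run
                covered += i - start
            start = i
    return covered / len(s) if s else 0.0


def screen_password(candidate):
    """Return reasons to reject; an empty list means the password passes."""
    reasons = []
    if candidate.lower() in WORST_2014:
        reasons.append("on worst-passwords list")
    if re.fullmatch(r"[0-9]+", candidate):
        reasons.append("digits only")
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    classes = ("[A-Za-z]", "[0-9]", "[^A-Za-z0-9]")  # letters, numbers, symbols
    if not all(re.search(p, candidate) for p in classes):
        reasons.append("not mixed")
    if pattern_fraction(candidate) > MAX_PATTERN:
        reasons.append("keyboard or sequence pattern")
    return reasons
```

A password such as "Qwerty123!" satisfies the length and mixed-character tips yet is still rejected by the pattern check, which is the point Slain makes about longer keyboard patterns. The row check only follows horizontal key runs, so column-wise walks are not detected.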

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.