‘Worst Passwords of 2014’: Your password probably still stinks
There has been a ton of digital ink spilled in the last few years — including on this website — dedicated to influencing Internet users to change or strengthen their passwords.
It doesn’t look like people are taking that message very seriously.
Password management company SplashData released its annual “Worst Passwords of 2014” list Tuesday, with the top two passwords — “123456” and “password” — holding the same spots as they did in 2011, 2012 and 2013.
Simple numerical passwords — “12345,” “111111,” “123123” — make up nine of the top 25, with “12345” actually growing in popularity, jumping 17 spots to come in third on this year’s list.
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” Morgan Slain, CEO of SplashData, said in a statement. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords and they are still not secure.”
For the list, SplashData teamed with online security expert Mark Burnett to review the top 100 most frequently used passwords from more than 3.3 million passwords leaked from users in North America and Western Europe in the past year.
Among those passwords were simple words or numbers that could be cracked with minimal effort from bad actors. Sports teams (“yankees,” “eagles,” “steelers,” “lakers”), birth years (“1988,” “1989,” “1990”) and common names (“jennifer,” “thomas,” “andrew”) were all in the top 100. When FedScoop ran these passwords through the “How Secure is my Password?” website, it said the passwords would be hacked “instantly.”
While Burnett said the list is “frightening,” there are positives: The top 25 passwords represented only 2.2 percent of those exposed last year.
“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” Burnett said. “The good news is that it appears that more people are moving away from using these passwords.”
While the passwords leaked for this study come from Internet users as a whole, the research comes at a time when those at the top levels of the federal government could use a cybersecurity refresher. Earlier Tuesday, Politico posted a scathing story detailing the lack of cybersecurity knowledge on Capitol Hill, including offices sharing passwords for social media accounts and storing password directories on shared Google Work documents.
As always, SplashData has a few tips for how to create and keep a secure password: Use passwords with eight or more mixed (letters, numbers, symbols) characters and avoid using the same one for multiple sites. Also, consider one of the many password managers that are available for free.
The top 25 worst passwords of 2014 are below. If you use one of these passwords, change it immediately.
- 123456 (Unchanged from 2013)
- password (Unchanged)
- 12345 (Up 17)
- 12345678 (Down 1)
- qwerty (Down 1)
- 1234567890 (Unchanged)
- 1234 (Up 9)
- baseball (New)
- dragon (New)
- football (New)
- 1234567 (Down 4)
- monkey (Up 5)
- letmein (Up 1)
- abc123 (Down 9)
- 111111 (Down 8)
- mustang (New)
- access (New)
- shadow (Unchanged)
- master (New)
- michael (New)
- superman (New)
- 696969 (New)
- 123123 (Down 12)
- batman (New)
- trustno1 (Down 1)