SplashData has released its annual list of the 25 most common passwords; that popularity also makes them the worst passwords. Despite the fact that every time you turned around last year you heard about someone being hacked, it seems that pitifully weak and easily guessable passwords remain favorites. The top two passwords are still “123456” and “password,” which have held the top worst-password spots since 2011.
SplashData’s analysis was based on over 3.3 million leaked passwords from users in North America and Western Europe. Although the top 25 passwords in 2014 only represent about 2.2% of passwords exposed, security expert Mark Burnett said, “That's the lowest percentage of people using the most common passwords I have seen in recent studies.”
For comparison, see the list of the worst passwords of 2013 that SplashData compiled last year.
SplashData CEO Morgan Slain added, “Passwords based on simple patterns on your keyboard remain popular despite how weak they are. Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
Avoid using keyboard sequences “such as ‘qwertyuiop,’ which is the top row of letters on a standard keyboard, or ‘1qaz2wsx’ which comprises the first two ‘columns’ of numbers and letters on a keyboard.”
If you don’t use a password manager, then please consider doing so. Don’t reuse the same password across multiple sites. Consider using two-factor authentication. SplashData suggests using passwords that have no fewer than eight characters; it’s wise to use password phrases interspersed with a mix of uppercase and lowercase letters, numbers and symbols.
Other nuggets found from analyzing millions of passwords include advice to steer clear of baby names, as “michael,” “jennifer,” “thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in the top 50. The top 100 passwords include curse words and phrases, sports, favorite teams, car brands, film names, hobbies and famous athletes. Additionally, don’t use your birthday or birth year as your password — 1989, 1990, 1991, and 1992 are also in the top 100.
Also don’t use your pet’s name in your password…
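A server-side screening check for the patterns described above, as an added example that is not SplashData's code or part of the original article. The US QWERTY layout, the 75% coverage threshold and the short deny-lists (built only from entries quoted in this article) are assumptions; a real deployment would load a full list of leaked passwords.

```python
import re

# Assumed US QWERTY layout: rows, plus the diagonal "columns" such as 1qaz / 2wsx.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
COLUMNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
           "8ik,", "9ol.", "0p;/"]
# Constructed deny-lists holding only the entries quoted in the article.
COMMON = {"123456", "password"}
NAMES = {"michael", "jennifer", "thomas", "jordan", "hunter",
         "michelle", "charlie", "andrew", "daniel"}
TRACKS = [t for s in ROWS + COLUMNS for t in (s, s[::-1])]


def walk_coverage(pw, min_run=4):
    """Fraction of pw covered by keyboard runs of at least min_run keys."""
    covered = [False] * len(pw)
    for i in range(len(pw)):
        # Try the longest candidate first, stop at the first run that matches.
        for j in range(len(pw), i + min_run - 1, -1):
            if any(pw[i:j] in track for track in TRACKS):
                covered[i:j] = [True] * (j - i)
                break
    return sum(covered) / len(pw) if pw else 0.0


def screen(password):
    """Return the reasons a candidate password should be rejected."""
    pw = password.lower()
    reasons = []
    if len(password) < 8:
        reasons.append("shorter than eight characters")
    if pw.isdigit():
        reasons.append("numbers only")
    if pw in COMMON:
        reasons.append("on the most-common list")
    if walk_coverage(pw) >= 0.75:
        reasons.append("keyboard pattern")
    # A name with digits or symbols stuck on either end is still a name.
    if pw.strip("0123456789!@#$%^&*._-") in NAMES:
        reasons.append("first name with trivial decoration")
    if re.fullmatch(r"(19|20)\d\d", pw):
        reasons.append("birth year")
    return reasons


if __name__ == "__main__":
    for candidate in ["123456", "1qaz2wsx", "Michael1", "1990",
                      "Correct-Horse-Battery-9"]:
        print(f"{candidate!r}: {screen(candidate) or 'accepted'}")
```

Note that “1qaz2wsx” meets an eight-character, letters-and-numbers rule and is rejected only by the keyboard-pattern check.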
In closing, here’s what happened when Jimmy Kimmel sent a camera out onto Hollywood Boulevard to ask people about their password.