“123456” remains and retains the top position in the most popular or rather “worst password” list, says SplashData News, which compiles millions of stolen passwords that are made public and then arranges them in decreasing order of occurrences.
The report noted that simple numerical passwords still remain common like last year and the first time entrants to the list included “696969” and “batman”. However, “iloveyou” was one of the nine passwords that fell off the list.
The other 24 most popular passwords included in the list were:
- password (Unchanged)
- 12345 (Up 17)
- 12345678 (Down 1)
- qwerty (Down 1)
- 123456789 (Unchanged)
- 1234 (Up 9)
- baseball (New)
- dragon (New)
- football (New)
- 1234567 (Down 4)
- monkey (Up 5)
- letmein (Up 1)
- abc123 (Down 9)
- 111111 (Down 8)
- mustang (New)
- access (New)
- shadow (Unchanged)
- master (New)
- michael (New)
- superman (New)
- 696969 (New)
- 123123 (Down 12)
- batman (New)
- trustno1 (Down 1)
This year SplashData collaborated with mark Burnett, online security expert and author of “Perfect Passwords”(http://www.xato.net) to compile the list.
The report is assembled from more than 3.3 million leaked passwords during the year and it included users mostly in North America and Western Europe. The report reiterates that many people still continue to use weak and gullible passwords.
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are. Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure, “said Morgan Slain, CEO of SplashData.
He further advised that users should avoid sequence that just mirrors the keyboard sequencing, like “qwertyuiop”. One should also be careful not to use a favorite sport, favorite team, birthdays, birth years and common names.
The report noted that game-based passwords like baseball, football were in top 10 leaked passwords while hockey, golfer and soccer were in top 100. Names of favorite team like Yankees, eagles, steelers, rangers and lakers were also in the top 100 leaked passwords. Also included in the top 100 were swears and phrases, hobbies, car brands and film names.
SplashData, provider of SplashID line of password management applications, does this exercise annually to encourage adoption of stronger passwords.
“As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites,” said the company CEO.