Skip to main content

What’s the worst password of 2011? “password”

password
Image used with permission by copyright holder

This last year has brought an increased emphasis on online security—what with the PlayStation Network breach, seemingly endless stories of services, companies, and governments losing personal data or seeing their systems compromised (Valve, Sony, and RSA all spring to mind), one might think consumers would be more careful with passwords on their email and social networking accounts, mobile devices, and even online banking. According to a report published by SpashData—makers of password management software, that’s not really true. SpashData looked at files containing “millions” of stolen passwords that were posted online by cyberattackers in the last year, and has compiled a list of the 25 most common passwords it found. At the top of the list: “password.”

“Hackers can easily break into many accounts just by repeatedly trying common passwords,” said SplashData CEO Morgan Slain, in a statement. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.”

Recommended Videos

SpashData’s sample is admittedly biased: its list comprises the 25 most common passwords it found in lists of accounts that had been cracked—meaning accounts with more-secure passwords aren’t even in the sample set. There’s also no indication whether these accounts represent real people or simply accounts created by automation or for testing purposes: there’s no way of knowing whether guessing the password to any one of those accounts would actually have a harmful result. Nonetheless, the results seem to indicate a rather shocking naiveté from everyday Internet users.

According to SplashData, the 25 most common passwords cracked by cyberattackers are:

  • password
  • 123456
  • 12345678
  • qwerty
  • abc123
  • monkey
  • 1234567
  • letmein
  • trustno1
  • dragon
  • baseball
  • 111111
  • iloveyou
  • master
  • sunshine
  • ashley
  • bailey
  • passw0rd
  • shadow
  • 123123
  • 654321
  • superman
  • qazwsx
  • michael
  • football

One interesting entry is “passw0rd”—many people think they’re secure from dictionary attacks if they simply change out a letter for a numeral.

Security experts generally recommend a password be at least eight characters long, contain a mix of upper- and lower-case letters, numbers, and allowable punctuation. However, from a usability standpoint, those sorts of “secure” passwords are difficult for users to remember and use—meaning they often wind up on sticky notes next to a monitor or in a file or note labelled “password,” further compromising users’ security.

“If you have a password that is short or common or a word in the dictionary, it’s like leaving your door open for identity thieves,” Slain said.

Another approach is to create rather long passwords from strings of seemingly, unrelated, ordinary words: those passwords are generally easier to type and remember, although they often aren’t accepted by systems that enforce rules about password length or requiring special characters.

xckd-password-strength
Image used with permission by copyright holder

[Comic via the excellent xkcd: http://xkcd.com/936/]

[Image via Shutterstock]

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
These embarrassing passwords got celebrities hacked
dt10 language and tech motorola razr v3 paris hilton

One thing that celebrities have in common with everyday people is that they are also susceptible to cybersecurity breaches. Many public figures have had their private and public tech accounts hacked over the years and these attacks have often been due to them simply having weak passwords that were easy for bad actors to figure out.

Socialites, actors, politicians, and even prominent tech figures are guilty of lazy password practices, and falling victim to cybercrime that has compromised their passwords.
President Donald Trump

Read more
Hackers may have stolen the master key to another password manager
Open padlock cybersecurity

The best password managers are meant to keep all your logins and credit card info safe and secure, but a major new vulnerability has just put users of the KeePass password manager at serious risk of being breached.

In fact, the exploit allows an attacker to steal a KeePass user’s master password in plain text -- in other words, in an unencrypted form -- simply by extracting it from the target computer’s memory. It’s a remarkably simple hack, yet one that could have worrying implications.

Read more
No, 1Password wasn’t hacked – here’s what really happened
A person using the 1Password password manager on a laptop while sat on a couch.

Password managers have been struggling with security breaches in recent months, with LastPass suffering a particularly bad hack as a notable example. So when 1Password users got an alert last week saying their Secret Keys and passwords had been changed without their knowledge, they were understandably panicked. Luckily, all was not what it seemed.

That’s because AgileBits, the company behind 1Password, has just explained exactly what went wrong during that event. And while it wasn’t as bad as everyone first thought, it still doesn’t paint AgileBits in a particularly good light.

Read more