2014’s popular passwords show security is still a joke

Chris Davies - Jan 20, 2015, 9:12am CST
6
2014’s popular passwords show security is still a joke

We should be using crazy-strong passwords, but we’re not. With online hacks seemingly making news every other week, companies large and small seeing their systems invaded, and the value of our digital data never more valuable, you’d think the passwords we commonly use would be getting stronger. New research into the most popular passwords discovered among the various leaks over the course of 2014 suggests that taking the simple – and thus easy to guess or brute-force crack – option is still the road most traveled for many netizens, with perennial favorites “123456” and “password” still topping the charts.

In fact, the list compiled by SplashData from around 3.3m leaked passwords last year makes for disappointing reading if you’re even tangentially interested in security.

As always, it seems most people are letting “easy to type” and “easy to remember” be their primary goals when they pick a way to secure their accounts. Strings of letters and numbers that run from left to right across the keyboard are popular, as are common words like favorite sports, and peoples’ birth years.

According to SplashData, there’s good news and bad news in the 2014 findings. While the list is relatively unchanged compared to the previous year, the frequency at which its contents were discovered in apparently active use has diminished.

“In 2014, the top 25 passwords represented about 2.2% of passwords exposed,” security expert Mark Burnett said of the findings. “While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

The top 25 passwords are below, while the remainder on the top 100 list include children’s names, star athletes, car and movie names, and various obscene words and phrases.

1. 123456 (Unchanged from 2013)
2. password (Unchanged)
3. 12345 (Up 17)
4. 12345678 (Down 1)
5. qwerty (Down 1)
6. 1234567890 (Unchanged)
7. 1234 (Up 9)
8. baseball (New)
9. dragon (New)
10. football (New)
11. 1234567 (Down 4)
12. monkey (Up 5)
13. letmein (Up 1)
14. abc123 (Down 9)
15. 111111 (Down 8)
16. mustang (New)
17. access (New)
18. shadow (Unchanged)
19. master (New)
20. michael (New)
21. superman (New)
22. 696969 (New)
23. 123123 (Down 12)
24. batman (New)
25. trustno1 (Down 1)

SplashData used leaked password information predominantly sourced from North American and Western European users, omitting those from other regions which might have skewed the findings.

The recommendations for keeping your online accounts secure stay the same. Avoiding common words or names, or breaking them up with numbers, case-changes, and symbols are a good start, as well as using longer rather than shorter passwords.

If you’re still hunting down the perfect recipe for a stronger password, we’ve got you covered.

SOURCE SplashData


Must Read Bits & Bytes