Worst password list released with ‘password’ coming in second

Jan. 21, 2015

The top bad password for 2014 was “123456,” followed by “password”—both retain their top two positions from 2013. Next is “12345,” up an impressive 17 positions from 2013, displacing “12345678” from the third spot and moving it down to fourth, according to SplashData’s annual list of the top 25 most common—and thus worst—passwords found on the Internet. To compile the list, the company evaluated 3.3 million passwords leaked over the year.

The list includes additional number and alphanumeric sequences such as “123123” (23rd place) and “abc123” (14th place) and common keyboard patterns such as “qwerty” (5th place). New passwords in the list this year include “baseball,” “dragon,” and “football” (in spots 8, 9, and 10, respectively).

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData, via PRWeb, where you can see the complete list. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”

SplashData offers these warnings:

  • Don’t use a favorite sport as your password—“baseball” and “football” are in top 10, and “hockey,” “soccer,” and “golfer” are in the top 100. Don’t use a favorite team either, as “yankees,” “eagles,” “steelers,” “rangers,” and “lakers” are all in the top 100.
  • Don’t use your birthday or especially just your birth year—1989, 1990, 1991, and 1992 are all in the top 100.
  • While baby name books are popular for naming children, don’t use them as sources for picking passwords. Common names such as “michael,” “jennifer,” “thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in the top 50.

And the company offers these tips:

  • Use passwords of eight characters or more with mixed types of characters.
  • Avoid using the same username/password combination for multiple websites.

And, not surprisingly, the company recommends using a password manager such as its own SplashID to organize and protect passwords, generate random passwords, and automatically log into websites.

Lifehacker offers reviews of more password managers, including LastPass, Dashlane, KeePass, 1Password, RoboForm, and Password Safe.

About the Author

Rick Nelson | Contributing Editor

Rick is currently Contributing Technical Editor. He was Executive Editor for EE in 2011-2018. Previously he served on several publications, including EDN and Vision Systems Design, and has received awards for signed editorials from the American Society of Business Publication Editors. He began as a design engineer at General Electric and Litton Industries and earned a BSEE degree from Penn State.

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!