What are the World's Worst Passwords?
Passwords are important, very important in fact, as they're usually the only thing preventing criminals from stealing your personal and credit card information, or from using your email account to send spam (and getting your account closed shortly afterwards as a result!). In short, it's critical to have secure and unique passwords for everything these days.
Now SplashData have compiled a list of the 25 most common passwords. They compiled it by examining the password dumps that hackers have posted online.
The list, which unsurprisingly has "password" as its most common entry, holds no great surprises. The common threads running through it are that all of the passwords are very short and most are dictionary words or proper names. These are all things to avoid when creating a new password.
You will notice that "qazwsx" is in the list and may wonder why it isn't secure. If you look at your keyboard you will see why: the letters are neighbouring keys typed in sequence, and password-cracking software tries exactly these common keyboard patterns.
The list of the top 25 most common passwords is...
1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football
It's not actually difficult to create a strong password, and I have put a poster I created below (click to view it full size) that you can print out and put on the wall in your home office or workplace.
A strong password should be an absolute minimum of 8 characters in length, preferably at least 10 characters, and contain a mixture of numbers, symbols and upper- and lower-case letters. You can use numbers and symbols to replace letters they resemble, for example an "&" instead of the letter "a", or the number "1" instead of an "i" or an "l". Substitution on its own is not enough, though: "passw0rd" is itself number 18 on the list above.
You can also mix things up in a way that makes sense to you, so that you can remember the scheme you used to create the password. For example, a password could be made up of two words of different lengths, with the third letter of each word capitalised and the fifth character of each word replaced by a symbol.
Finally, for added security, you can append to the end of the password, or preferably mix into it, the first three letters (or a three- or four-letter identifier) of the website or service the password is for. For example, for Amazon the letters AMZ could be mixed into your password.
By following these rules it's very easy to create long, super-secure and above all memorable passwords that will help your data and financial information stay safe online.
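As an added example (not code from the post), here is a small Python checker that applies the rules above: it rejects anything on the 25-password list, undoes the letter-for-symbol swaps before the lookup (since "passw0rd" is itself on the list), enforces the 8- and 10-character minimums and the four character classes, flags keyboard walks like "qwerty" and "qazwsx", and verifies that a site identifier such as AMZ is mixed in somewhere. The US QWERTY layout and the substitution table are my assumptions, not part of the post.

```python
"""Checker for the password rules set out in the post above.

Added example, not code from the original post. It uses the 25 passwords
listed on the page and assumes a plain US QWERTY layout; the site-identifier
rule is checked as a subsequence so the letters may be mixed in anywhere.
"""

# The 25 passwords from the SplashData list reproduced in the post.
COMMON_PASSWORDS = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey", "1234567",
    "letmein", "trustno1", "dragon", "baseball", "111111", "iloveyou", "master",
    "sunshine", "ashley", "bailey", "passw0rd", "shadow", "123123", "654321",
    "superman", "qazwsx", "michael", "football",
}

# Letter-to-symbol swaps the post suggests plus a few equally common ones
# (assumed table). They are undone before the list lookup, because
# "passw0rd" is already #18 on the list.
SUBSTITUTIONS = {"&": "a", "@": "a", "4": "a", "3": "e", "0": "o",
                 "$": "s", "5": "s", "7": "t", "1": "il"}

DIGIT_ROW = "1234567890"
LETTER_ROWS = ["qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumed US QWERTY layout


def _keyboard_walks():
    """Rows plus the zig-zag down the columns ("qazwsxedc..."), both directions."""
    columns = "".join(
        "".join(row[i] for row in LETTER_ROWS if i < len(row))
        for i in range(len(LETTER_ROWS[0]))
    )
    walks = [DIGIT_ROW] + LETTER_ROWS + [columns]
    return walks + [w[::-1] for w in walks]


KEYBOARD_WALKS = _keyboard_walks()


def contains_keyboard_walk(pw, min_len=4):
    """True if pw contains min_len or more keys typed in sequence along a walk."""
    low = pw.lower()
    return any(
        walk[i:i + min_len] in low
        for walk in KEYBOARD_WALKS
        for i in range(len(walk) - min_len + 1)
    )


def normalized_variants(pw):
    """All spellings of pw with the substitutions undone ("p&ssw0rd" -> "password")."""
    variants = {""}
    for ch in pw.lower():
        options = SUBSTITUTIONS.get(ch, ch)   # "1" expands to both "i" and "l"
        variants = {v + o for v in variants for o in options}
    return variants


def character_classes(pw):
    """Which of lower/upper/digit/symbol appear in pw."""
    classes = set()
    for ch in pw:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes


def contains_subsequence(pw, tag):
    """True if the letters of tag appear in pw in order, not necessarily adjacent."""
    it = iter(pw.lower())
    return all(ch in it for ch in tag.lower())


def check_password(pw, site_tag=None):
    """Return the rules pw breaks; an empty list means it passes."""
    problems = []
    if pw.lower() in COMMON_PASSWORDS or normalized_variants(pw) & COMMON_PASSWORDS:
        problems.append("appears in the top-25 list (possibly after undoing substitutions)")
    if len(pw) < 8:
        problems.append("shorter than the absolute minimum of 8 characters")
    elif len(pw) < 10:
        problems.append("shorter than the preferred minimum of 10 characters")
    missing = {"lower", "upper", "digit", "symbol"} - character_classes(pw)
    if missing:
        problems.append("missing character classes: " + ", ".join(sorted(missing)))
    if contains_keyboard_walk(pw):
        problems.append("contains a keyboard pattern such as qwerty or qazwsx")
    if site_tag and not contains_subsequence(pw, site_tag):
        problems.append(f"does not include the site identifier {site_tag!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample candidates; "Tr&in.Sta7ion-AMZ" follows the post's scheme.
    for candidate in ["qazwsx", "p&ssw0rd", "Tr&in.Sta7ion-AMZ"]:
        print(candidate, "->", check_password(candidate, site_tag="AMZ") or "ok")
```

The substitution check is deliberately applied before the list lookup: a policy that only compares the literal string would accept "p&ssw0rd" while rejecting "password", which is the wrong way round for a cracker that runs the same mangling rules.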
There are also other things you can do to keep your passwords safe. One is to use randomly generated passwords together with password storage software on your PC (protected by its own secure password) that auto-fills them on the websites you use.
Having a super-strong password is so important that I really urge you to tweet, blog and share this post and the poster as far and wide as possible, so your friends, family and colleagues can check whether their own passwords are in the list.
Dear lord, I read this article via RSS and immediately clicked on it to pull up the site and comment on the whole ‘gibberish password’ ideal and how it’s better to use an intelligible, longer, phrase instead. And here I see that a number of people have already beaten me to the punch. Bravo.
All you need is a password manager such as Sisma or KeePass that will keep all your passwords encrypted. This way you can choose many very strong passwords for your many websites, but have to memorize only one strong password for your password database.
this kind of stuff again.
In fact, if it is something really important, I would suggest using a hardware password such as a USB key (256-bit encryption) + an SMS random code + a typed password.
Today the big challenge is the numerous passwords (mail, social networks, bank account, shopping account, company, online games, messenger, …) we use in life, and if one person has more than 4 totally different passwords, it can be confusing, even a mess sometimes.
An online or local password manager could be useful, but you have to be careful about the master password, and a backup policy should be taken into account.
This is great advice for people. I am careful with what I pick but I am amazed that some of these number sequences are popular! I didn’t realize that a lot of people were not aware of how dangerous it is.
I wouldn’t use all numbers no matter what the sequence is. I have heard of people using their social security number too. That is just crazy as it can also lead to identity theft too!
When you look at the top 25 passwords you will notice that none is longer than 8 characters. I'd suggest doubling that wherever possible and using a password manager like KeePass to generate secure passwords.
What I really do not understand is how some security sensitive online businesses, banks for instance, still allow only six or even only four characters for a password. That’s insane even if accounts are locked after three tries.
Oh my gosh !!!
How is that someone correctly guessed all my passwords ???
This takes me back to my days as a student (this was back in Novell 3.x days) when we used to manage to copy the bindery off onto floppies and brute-force the admin passwords.
One of the common ones at the time was carpet.
Surprised it’s not in there still.
I just use a hash (sha1, sha256, md5, etc) generator to produce a long random password from an easily remembered key word or the URL of the site and then add or subtract several characters to obscure that it is hash generated. The world will be much, much older before they are cracked.
This site will generate a number of different hashes from entered keywords: http://www.hashgenerator.de/
Can be quite interesting to try a few passwords out on these sites
https://www.grc.com/haystack.htm
https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx
Hi, have you had a read of Steve Gibson's password haystacks? It flies in the face of common thought and practice for secure complex passwords, but makes sense when you listen; there is a Security Now podcast on the whole subject. Have a read here: https://www.grc.com/haystack.htm
Like I say, it makes sense, but I shudder trying to explain to a user why HorseStapleCar………… is more secure than He7(*j#hF
Wasn’t there an article a while back about how a 4 or 5 common word phrase (like “ilovehorsebackriding”) was an excellent method to construct a password phrase that was easy to remember?
Obligatory XKCD Comic: http://xkcd.com/936/
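The disagreement in the comments above (a long phrase of plain words versus a short string like He7(*j#hF) comes down to which attacker you are modelling. Here is an added worked example, not from the post or any commenter, that puts numbers on both sides: one attacker brute-forces every printable character, the other guesses whole words from a list it knows the phrase was built from. The word-list sizes (2048, as in the linked comic, and 7776) and the guess rate are assumptions.

```python
"""Search-space arithmetic behind the passphrase debate above.

Added example, not from the post or any commenter. Two attacker models are
compared: full character brute force, and word-by-word guessing from a known
word list. Word-list sizes and guess rates below are assumptions.
"""

import math

PRINTABLE_ASCII = 95      # letters, digits and symbols typeable on a US keyboard
MIXED_CASE_LETTERS = 52   # a-z plus A-Z, for a phrase made only of letters


def brute_force_bits(length, alphabet_size=PRINTABLE_ASCII):
    """Bits of search space when every position is tried over a whole alphabet."""
    return length * math.log2(alphabet_size)


def wordlist_bits(word_count, wordlist_size):
    """Bits of search space when the attacker guesses whole words from a list."""
    return word_count * math.log2(wordlist_size)


def expected_crack_seconds(bits, guesses_per_second):
    """Average time to find the password: half the space at the given rate."""
    return 2 ** bits / 2 / guesses_per_second


def compare(short_complex_len, words, wordlist_size, letters_only_len):
    """Bits for a short random string and for a word passphrase under both models."""
    return {
        # random printable characters: same strength whichever model is used
        "short_complex": brute_force_bits(short_complex_len),
        # the phrase if the attacker knows it is built from list words
        "passphrase_vs_wordlist": wordlist_bits(words, wordlist_size),
        # the phrase if the attacker only brute-forces letter by letter
        "passphrase_vs_brute_force": brute_force_bits(letters_only_len, MIXED_CASE_LETTERS),
    }


if __name__ == "__main__":
    # "He7(*j#hF" is 9 printable characters; "HorseStapleCar" is 3 words, 14 letters.
    result = compare(9, 3, 2048, 14)
    for name, bits in result.items():
        print(f"{name:28s} {bits:6.1f} bits")
    # Offline cracking of a fast unsalted hash, assumed 1e9 guesses per second.
    rate = 1e9
    print("3 words from 2048, offline: %.1f s" % expected_crack_seconds(result["passphrase_vs_wordlist"], rate))
    print("5 words from 7776, offline: %.0f days" % (expected_crack_seconds(wordlist_bits(5, 7776), rate) / 86400))
```

The numbers show why both camps have a point: against a character-level brute force the 14-letter phrase is far stronger than the 9-character string (about 80 bits versus 59), but an attacker who guesses whole words sees only 33 bits for three words from a 2048-word list, which a fast offline attack exhausts in seconds. Adding words is what restores the margin; five words from a 7776-word list is about 65 bits under the word-list model, and the strength no longer depends on the attacker being naive.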
Making unguessable and uncrackable passwords is easy. Making easy to remember passwords is easy too. Mnemonics >> cat dancing on the keyboard.
What’s even better is that using a passphrase of dictionary words also makes them far, FAR easier to enter on the software keyboards that power smartphones and tablets. Being able to Swype my passwords beats having to mess about with shift/alt soft keys and press and hold for half my characters otherwise.
Though qazwsx making the list was surprising.