When it comes to the password selection process, you are usually only restrained by the limitations imposed to you by the service you are creating an account for.
Some may have very strict but insecure rules, like enforcing 4 digit passwords only, while others may only limit the lower character limit (six or more), upper character limit (no more than 12), and a third kind may require that you pick at least a special character and a number.
Most password selection rules are not designed to enforce the use of secure passwords, but to make the password selection process convenient for the user to avoid users leaving in frustration if their password selections are rejected for being too insecure, and to avoid servers being hammered with password reset requests.
SplashData released its annual "worst passwords list" yesterday highlighting the "most commonly used passwords".It compiles the list from leaked password during the year which means that the passwords could have been created earlier and not necessarily in 2015.
Without further ado, here it is.
As you can see from the listing, most of the selected passwords are as basic as they can get as they are either basic words, numbers, or use a combination of characters that are easily detectable as a pattern on the keyboard.
The main issue here is not only that these passwords are insecure, but also that they are found in nearly any brute forcing dictionary out there.
In fact, most of these passwords have been in dictionary files twenty years ago.
The new entries to the list are as insecure as the old ones. All have in common that they are easy to type, but that is the only benefit as they leave the account wide open for attackers.
Probably the best advice that one can give to Internet users who select weak passwords is to start using a password manager that assists them in selecting secure unique passwords for every Internet service and application they use.
If that is out of the question, the following policies should be followed:
Now You: How secure are your passwords?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.