Most Internet users still prefer weak passwords over secure ones
If you are a reader of this blog you know that it is essential to use unique and strong passwords for any online or offline service that you use.
Most use a password manager for that; either one that integrates in the browser and stores data in the cloud, e.g. LastPass or 1Password, a hybrid like Bitwarden, or a local password manager like KeePass that stores data locally and may also be integrated in browsers.
Most Internet users, however, seem to follow their own guidelines when it comes to selecting passwords for services; that's the impression that you get when you look at the top 100 worst passwords of 2018, and compare these to previous years.
Still at the top are insecure passwords such as 123456, password, or 123456789. Here is the entire top 10 list of weak passwords, with each entry's change in position compared to last year's listing.
- 123456 Unchanged
- password Unchanged
- 123456789 Up 3
- 12345678 Down 1
- 12345 Unchanged
- 111111 New
- 1234567 Up 1
- sunshine New
- qwerty Down 5
- iloveyou Unchanged
The number one password, 123456, has been the most widely used weak password in the past five years according to SplashData, and most passwords in the top 10 have been there for at least a year.
Why do Internet users select these weak passwords when they sign up for services? It is a mix of selecting a password that is easy to remember (comfortable) and, despite all the leak horror stories of the past, indifference and, in some cases, ignorance.
Companies could do more to prevent the use of known weak passwords, but many Internet companies avoid complex password rules as they may discourage users.
SplashData analyzes leaked password databases and the passwords they contain to determine which passwords are used most often by Internet users. The result is a snapshot of the password selection habits of Internet users; it is neither complete nor 100% accurate, and that is without doubt the main criticism that the report faces.
The services the leaked passwords came from may also influence the results; people may select secure passwords on tech-focused sites and less secure ones on sites that have nothing to do with tech.
The leak sources and the age of passwords are not mentioned either.
SplashData published three suggestions to "be safer from hackers online":
- Use at least 12 characters with mixed types of characters, e.g. upper and lower case letters, numbers, and special characters.
- Use unique passwords.
- Use a password manager.
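One way a sign-up form could reject known weak passwords and apply the first suggestion is sketched below as an added example; it is not code from SplashData or from this article. The denylist is the top 10 listed above, while the three-of-four character-class threshold, the padding-stripping heuristic and all function names are assumptions.

```python
import unicodedata

# Top 10 weak passwords as listed in this article.
DENYLIST = frozenset({
    "123456", "password", "123456789", "12345678", "12345",
    "111111", "1234567", "sunshine", "qwerty", "iloveyou",
})
MIN_LENGTH = 12   # minimum length from the first suggestion
MIN_CLASSES = 3   # assumption: the suggestion only says "mixed types"
DIGITS = "0123456789"
PUNCT = "!@#$%^&*._-?"


def _candidates(pw):
    """Forms of pw to compare against the denylist.

    Case and Unicode compatibility forms are folded, then trailing
    punctuation and digits are stripped, so "Iloveyou2018!" is still
    recognised as "iloveyou".
    """
    norm = unicodedata.normalize("NFKC", pw).casefold()
    no_punct = norm.rstrip(PUNCT)
    return {norm, no_punct, no_punct.rstrip(DIGITS + PUNCT)}


def char_classes(pw):
    """Count which of lower, upper, digit and other characters appear."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def check_password(pw):
    """Return the reasons to reject pw; an empty list means accepted."""
    problems = []
    if _candidates(pw) & DENYLIST:
        problems.append("denylisted")
    if len(pw) < MIN_LENGTH:
        problems.append("too_short")
    if char_classes(pw) < MIN_CLASSES:
        problems.append("few_character_classes")
    return problems
```

A password such as "Iloveyou2018!" satisfies the length and character-mix rules and is rejected only by the denylist check, which is why both checks are applied. A real deployment would compare against a far larger list of leaked passwords than these ten entries.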
You may also want to consider enabling two-factor authentication for important services to add another layer of protection to the account.