If you are a reader of this blog you know that it is essential to use unique and strong passwords for any online or offline service that you use.
Most readers use a password manager for that: either one that integrates into the browser and stores data in the cloud, e.g. LastPass or 1Password, a hybrid like Bitwarden, or a local password manager like KeePass that stores data locally and may also be integrated into browsers.
Most Internet users, however, seem to follow their own guidelines when it comes to selecting passwords for services; that's the impression that you get when you look at the top 100 worst passwords of 2018, and compare these to previous years.
Still at the top are insecure passwords such as 123456, password, or 123456789. Here is the entire top 10 list of weak passwords and how each position changed compared to last year's listing.
The number one password, 123456, has been the most widely used weak password in the past five years according to SplashData, and most passwords in the top 10 have been there for at least a year.
Why do Internet users select these weak passwords when they sign up for services? It is a mix of selecting a password that is easy to remember (comfortable) and, despite all the leak horror stories of the past, indifference and, in some cases, ignorance.
Companies could do more to prevent the use of known weak passwords, but many Internet companies avoid complex password rules as they may discourage users.
SplashData analyzes leaked password databases and the passwords they contain to determine which passwords are used most often by Internet users. The result is a snapshot of the password selection habits of Internet users; it is not complete or 100% accurate, and that is without doubt the main criticism that the report faces.
The services the leaked passwords came from may also influence the results; people may select secure passwords on tech-focused sites and less secure ones on sites that have nothing to do with tech.
The leak sources and the age of passwords are not mentioned either.
SplashData published three suggestions to "be safer from hackers online":
You may also want to consider enabling two-factor authentication for important services to add another layer of protection to the account.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.