Blog

The world’s worst passwords

Does your go-to phrase make the list of the world’s worst passwords?

2016 was the year of the hacker, with high-profile data breaches (think presidential campaigns, large webmail providers and the like) causing businesses and individuals to renew their focus on online security. But if you’re still entering ‘123456’ in the password field, you’re making the job of cyber-criminals far too easy.

Security appliance firm SplashData analysed 2 million leaked passwords and identified the top 25 worst passwords (and password components) that could be easily guessed by hackers. Repeat offenders that appear on this list every year are “123456” and “password”.

You may be surprised to find one of your regular password phrases on the list of problematic passwords…

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx (first two columns of main keys on a standard keyboard)
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop (top row of keys on a standard keyboard)
  23. solo
  24. passw0rd
  25. starwars

Another study by researchers at IT training provider CBT Nuggets examined leaked emails and passwords (50,000 of them), looking at the affected users’ ages, names, gender and locations.

The words that occurred most commonly in the pool of compromised combinations included “angel”, “star”, “girl” and “love”; followed by “hell”, “miss” and “rock”. And if you’re a male named Dave, John, Mike or Chris aged 25-34, you’re four times more likely to be hacked!

Password dos and don’ts

  • Needless to say, don’t use any of the words on the list above
  • Don’t reuse your passwords. One account = one password
  • Change passwords on a regular basis
  • Create a password that is easy enough to remember (so you don’t have to write it down), but complex enough so that no-one else will guess it. One way of doing this is to string together random words and numbers
  • Try substituting letters with symbols or numbers that you will remember. For example, $=s; 3=e; 1=i etc.
  • Or use an online tool to randomly generate a secure password
  • Use a password manager (such as LastPass) to store and manage your passwords – this means you only need to remember one

What does a strong password consist of?

  • 12+ characters
  • Mixed character types
  • Check your password for complexity using an online password checker
  • No pop culture and sport references
  • No full names and words – any commonly known word or name puts you at risk

When in doubt about your IT security, reach out to the experts at Conosco, who can help ensure that your IT network is resilient, secure, and protected 24/7.