Worst Passwords Annual List Released By SplashData
January 21, 2014

‘Password’ No Longer Tops The List Of Worst Passwords

redOrbit Staff & Wire Reports - Your Universe Online

Mobile phone software company SplashData has released its annual list of the 25 most frequently used online passwords, and for the first time in the brief history of the list, there's a new #1!

During the first two years in which the Los Gatos, California-based firm first started analyzing the most common passwords among those leaked by hacker, “password” topped the list. This year, however, it has fallen to the second-place position, with “123456” replacing it as the world's most used password.

The third place position was held by “12345678,” followed by “qwerty” and “abc123”. Other predictable passwords appearing on the 2013 list include “111111” (#7), “iloveyou” (#9) and “admin” (#12), the company said.

“Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” SplashData CEO Morgan Slain said in a statement. “Another interesting aspect of this year's list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies.”

The list was influenced by a large number of Adobe product passwords that were leaked online by Stricture Consulting Group following that firm's well-publicized security breach, according to Jon Brodkin of Ars Technica. Stricture reported a total of 1.91 million uses of “123456,” he added.

Brodkin noted that the fact SplashData has a better collection of information than in the past, not an actual change in password practices, is likely the root cause of “123456” taking over the top spot. After all, he said, four years ago it ranked ahead of “password” on a Symantec list of the most commonly used password of all time.

In addition to “adobe123” and “photoshop,” new to the list this year  include “123456789,” “admin,” “1234567890,” “1234,” “12345,” princess,” “azerty,” and “000000”.

Other, slightly more creative passwords experienced a noteworthy decline, as “monkey” dropped 11 spots to #17,”sunshine” dropped five spots to #19, and “trustno1” plummeted 12 spots to #24.

SplashData recommends that users select passwords that are at least eight characters long and comprised of a mix of letters, numbers, and symbols (when possible). However, even replacing some letters of a common word with numerical characters “can be vulnerable to attackers' increasingly sophisticated technology.”

On the other hand, random number-letter combinations can be difficult to remember. The company suggests using passphrases, or short words with spaces of other characters that separate them. Also, instead of using common phrases, they recommend combining seemingly random words, such as “cakes years birthday.”

“Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites,” they added in a statement. “Having trouble remembering all those different strong passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites.”