The number combination “123456” replaces the only slightly more obvious “Password” at the top of the “Worst Passwords” list compiled annually by password security company SplashData. The list of 25 is compiled from millions of stolen passwords posted online during the previous year.
In a release introducing this year’s list, the company explains:
“For the first time since SplashData began compiling its annual list, “password” has lost its title as the most common and therefore Worst Password, and two-time runner-up “123456” took the dubious honor.”
SplashData speculates the change in position may have been influenced by the large number of passwords belonging to Abobe users posted online when the company was hacked in October. Early estimates suggested the information of nearly 3 million customers had been affected.
Still, the list would seem to include numerous fairly easy to guess passwords like “111111,” “admin” and even “123123” finishing in the top 25.
It’s recommended that when choosing a password you select one with eight characters or more containing mixed characters (numbers and letters if possible.) It’s also important to avoid using the same passwords, no matter how secure, for multiple accounts.
Avoid passwords with common substitutions of numbers for letters to spell familiar words or phrases. One example suggested in the SplashData press release would be “dr4mat1c” which substitutes the numbers 4 and 1 for the letters “a” and “i.”
If totally random word and number combinations are too difficult to remember, try a short phrase of unrelated words separated by spaces or dashes. One example suggested in the SplashData release is “smiles_light_skip?”. The phrase includes words that might be easier to remember without writing down but would be hard to guess since they are not related and are separated by random dash symbols.
Here’s the full list of the top 25 “Worst Passwords” for 2013. Obviously, SplashData is recommending if you are using any of these passwords for your business accounts you change them immediately:
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000
Image: SplashData
With the number of passwords I have to remember on a daily basis, I can empathize with people who choose very simple passwords. However, for security people need to up their games.
Oh dear. I’m guessing the people who came up with those passwords didn’t have the tiniest clue what’s potentially at stake.
Also, there are some sites where I’ve tried to generate a password and I’ve been forced to come up with something more complex. It wouldn’t let me complete the sign-up process until I did. Perhaps it should be the rule for everyone for everything that requires a password.
Aira Bongco
The funny thing is this is 123456 is the favorite password of my mom and dad. It seems that this is the favorite password of people who are not that acquainted with technology.
Aww, bless you mum and dad, Aira! I hope they’ll be changing their password soon though, or you can encourage them to.
I wonder how much password really matter when it was revealed that foreign spies routinely hacked into the largest websites (i.e. Facebook, Twitter, etc.) looking for data to find terrorists.
Really, if spies sent this capability, imagine how much more easily trained hackers can break into your password-protected accounts.
I see where you’re coming from, Enviro; but just because there’s someone out there that can pick a lock and therefore pick mine if they choose doesn’t mean I’m going to leave my door wide open or unlocked.