The most common passwords of 2016 have been revealed, and they're terrible

midian182

No matter how many times people are warned about the dangers of using terrible passwords, the practice is still incredibly common. That’s the conclusion of Keeper Security, a password management software firm, which has analyzed over 10 million login details leaked online through data breaches that happened in 2016.

As was the case in 2015, the most popular password is still “123456,” which made up an incredible 17 percent of those checked. This is followed in second place by the equally perplexing “123456789.” Easily guessed numbers make up eight of the top ten most popular entries, including “111111” at number five. The only good news is that the ever-present “password,” often found in the top five on these kinds of lists, has now dropped to eighth position.

It's noted that seven of the top fifteen passwords are made up of six or fewer characters, allowing brute-force attacks to unscramble them within seconds.

The presence of “18atcskd2w” and “3rjs1la7qe” may seem like something of an anomaly, perhaps an indication that some people are at least trying to make things more difficult for cybercriminals. Sadly, this isn’t the case. It turns out that these more complex passwords are repeatedly used by bots when setting up dummy email accounts for spam and phishing attacks.

"Email providers could do everyone a favour by flagging this kind of repetition and reporting the guilty parties," said Keeper's researchers.

Ultimately, the top 25 passwords have barely changed over the last few years, and while most of us will blame the users who pick them, Keeper Security says that “the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.”

Really, though, everyone should just use a password manager.

Here's the complete list:

1. 123456

2. 123456789

3. qwerty

4. 12345678

5. 111111

6. 1234567890

7. 1234567

8. password

9. 123123

10. 987654321

11. qwertyuiop

12. mynoob

13. 123321

14. 666666

15. 18atcskd2w

16. 7777777

17. 1q2w3e4r

18. 654321

19. 555555

20. 3rjs1la7qe

21. google

22. 1q2w3e4r5t

23. 123qwe

24. zxcvbnm

25. 1q2w3e
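The point about website owners and "basic password complexity policies," as an added example that is not part of the original article or Keeper's analysis: it runs the 25 listed passwords through a hypothetical complexity rule (minimum length 8, at least one letter and one digit, both assumed values) and shows which entries still get through, then screens candidates against a denylist built from the same list.

```python
# Constructed from the top-25 list in the article above.
TOP_25 = [
    "123456", "123456789", "qwerty", "12345678", "111111", "1234567890",
    "1234567", "password", "123123", "987654321", "qwertyuiop", "mynoob",
    "123321", "666666", "18atcskd2w", "7777777", "1q2w3e4r", "654321",
    "555555", "3rjs1la7qe", "google", "1q2w3e4r5t", "123qwe", "zxcvbnm",
    "1q2w3e",
]

MIN_LENGTH = 8  # assumed policy value, not taken from the article


def passes_complexity(pw: str) -> bool:
    """Hypothetical 'basic complexity' rule: length >= 8, a letter and a digit."""
    return (len(pw) >= MIN_LENGTH
            and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw))


def normalize(pw: str) -> str:
    """Trim and case-fold for denylist comparison only (never for storage)."""
    return pw.strip().casefold()


DENYLIST = frozenset(normalize(p) for p in TOP_25)


def screen(pw: str) -> tuple[bool, str]:
    """Return (accepted, reason) for a candidate password at signup."""
    if len(pw) < MIN_LENGTH:
        return False, "too short"
    if normalize(pw) in DENYLIST:
        return False, "on breached-password list"
    return True, "ok"


def complexity_survivors() -> list[str]:
    """Listed passwords that a complexity-only policy would still accept."""
    return [p for p in TOP_25 if passes_complexity(p)]


if __name__ == "__main__":
    print("accepted by complexity rule alone:", complexity_survivors())
    for candidate in ("123456", "1q2w3e4r5t", "Qwertyuiop", "correct horse battery"):
        print(repr(candidate), "->", screen(candidate))
```

Four of the listed passwords, including both bot-generated ones, satisfy the complexity rule, which is why the screen also checks a list of known-breached passwords instead of relying on character classes alone.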


 
I don't understand the pattern behind number 15 and number 20? Is it a reference to something or what? :S

There is a hint if you read the article. ;)

So, the #1 reason that #15 & #20 made the list of "most common" passwords...is because they're the most common password used by "dummy" botnet emails? Shouldn't that disqualify them, since they're not "real" passwords for "real" email accounts?
 
Nothing changes
Well, you can bet that these passwords are used by the, perhaps, non-technical computer user who has no idea that the password they are using is easily cracked. Unfortunately, people like that are born every minute! ;)
 
The most common passwords of any given time period are of course going to be terrible by definition. It would be impossible to have a list of the most common passwords and to consider them strong.
 
I could use 123456 with a 2 step authentication site, and that doesn't even bother me.

It's that simple, as stated in the article:
Keeper Security says that “the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.”
I would even go one step further and blame it on poor security policies altogether, not only password complexity policies.

EDIT: Techspot, the ""
Keeper Security says that “the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.”
within a quote read awkwardly in news mode, yet in forum mode they look correct.
 
Ehm..guys correct me if I'm missing something..but how can a super secured password ever be on the most common list??? Let's say my password is ""tH1s3ismytechblogp4ssw0rd"" what are the chances to have it even 1 more person on earth? but 1234.. probably more than 2 people have it
 
Ehm..guys correct me if I'm missing something..but how can a super secured password ever be on the most common list??? Let's say my password is ""tH1s3ismytechblogp4ssw0rd"" what are the chances to have it even 1 more person on earth? but 1234.. probably more than 2 people have it
Bro, do you even read?
 
Sadly, this isn’t the case. It turns out that these more complex passwords are repeatedly used by bots when setting up dummy email accounts for spam and phishing attacks.
Well in that case this whole list is bullshit potentially being used by bots!
 
Well in that case this whole list is bullshit potentially being used by bots!
Well no. For me, it simply calls to question whether or not "net-bots" have become smarter than the majority of humans on the web. And remember, you have to catch a net-bot, before you can hack it.. Moral, you can't hack what you can't catch, therefore the strength of the password doesn't matter.

PS, I made all that sh!t up on the spur of the moment from a children's rhyme. It would probably behoove you not to bother fact checking it. Just take it for what it is....., or isn't. :p
 
Ehm..guys correct me if I'm missing something..but how can a super secured password ever be on the most common list??? Let's say my password is ""tH1s3ismytechblogp4ssw0rd"" what are the chances to have it even 1 more person on earth? but 1234.. probably more than 2 people have it
Bro, do you even read?
And by that I mean that you cannot find a good password in a list with common words..good passwords must be unique
 
I could use 123456 with a 2 step authentication site, and that doesn't even bother me.

It's that simple, as stated in the article:
Keeper Security says that “the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.”
I would even go one step further and blame it on poor security policies altogether, not only password complexity policies.
Absolutely have to agree with you. There are many cases in the tech industry as a whole where security is an afterthought rather than a forethought, e.g., IoT.

Until everyone in the tech industry takes security seriously, these easy crack passwords will continue to show up.
 
Mmm, so if I understand right, it took Russia 8 tries to get into Podesta's e-mail account. Bet China did it in 5.

:)
 
Thanks for the list. I am going to try them all on my friends' accounts
Make sure you use a VPN. Although highly unlikely, their email provider might dime you out, and you won't be getting any eChristmas cards...:D Perhaps even ransomware in your eStocking... (The web equivalent of coal).
 