SplashData reveals 2011's 25 worst passwords

November 21, 2011, 6:30 PM

Reaffirming a smaller study released earlier this year, SplashData has published a list of this year's 25 worst passwords. We've seen countless security breaches this year and in many of those cases, the hackers released the stolen data online. SplashData has used that information to compile its list. Although some of the swiped passwords were shamelessly stored in plaintext, most were encrypted. In other words, for the following passwords to even make it on the top 25 list, they must have been cracked. That just further illustrates how worthless they are:

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

Naturally, if you're using any of those passwords, you should change them immediately. SplashData offers other tips on securing your Web accounts. For starters, you'll want to use passwords of at least eight characters with mixed alphanumerics. Without the help of a service such as LastPass or RoboForm, it can be difficult to remember long, randomly generated strings of text. SplashData suggests using memorable short words separated by spaces or other characters, such as "eat cake at 8!" or "car_park_city?". Programs such as KeePass can safely store your passwords locally.
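As an added example (not from SplashData or the original article), here is a Python check a site could run when a user picks a password, applying the tips above. The function names, the substitution table, and the reading of "mixed" as at least two kinds of characters are assumptions made for illustration.

```python
# Added example: reject passwords that are, or closely resemble, the 25 listed above.
WORST_25 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey", "1234567",
    "letmein", "trustno1", "dragon", "baseball", "111111", "iloveyou", "master",
    "sunshine", "ashley", "bailey", "passw0rd", "shadow", "123123", "654321",
    "superman", "qazwsx", "michael", "football",
}

# Assumption: a small table of common character swaps (not from the article).
LEET = str.maketrans("01345@$", "oieasas")
# Assumption: characters people commonly tack onto the end of a weak password.
SUFFIX_CHARS = "0123456789!?.*#"


def variants(pw):
    """Forms of pw to compare against the list: lowercased, with trailing
    digits/symbols removed, and with character swaps undone."""
    low = pw.lower()
    core = low.rstrip(SUFFIX_CHARS)
    return {low, core, low.translate(LEET), core.translate(LEET)}


def check_password(pw):
    """Return a list of reasons to reject pw; an empty list means accepted."""
    reasons = []
    if len(pw) < 8:
        reasons.append("shorter than eight characters")
    # Count the kinds of characters used: letters, digits, anything else.
    classes = sum([
        any(c.isalpha() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])
    if classes < 2:
        reasons.append("fewer than two character classes")
    if variants(pw) & WORST_25:
        reasons.append("variant of a listed password")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs, including the two phrases quoted above.
    for sample in ["password", "P@ssw0rd1", "Monkey2011", "eat cake at 8!", "car_park_city?"]:
        print(repr(sample), "->", check_password(sample) or "accepted")
```

Passwords such as "P@ssw0rd1" or "Monkey2011" meet the length and character-mix tips yet are still rejected, because they reduce to an entry on the list.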

"Hackers can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft," said SplashData CEO Morgan Slain. "What you don't want is a password that is easily guessable. If you have a password that is short or common or a word in the dictionary, it's like leaving your door open for identity thieves." With attackers on the prowl this holiday season, it's a great time to secure your accounts.

In a completely anecdotal side note, I feel compelled to mention that it seems some people are lured into a false sense of invincibility online. Perhaps it's because of the Web's relative anonymity, their general misunderstanding of the technology, or both. Many of the same individuals would cling to symbols of real world security -- be that an easily bypassed $10 door lock or forfeiting civil liberties to travel. Point being: it's odd that many people don't take advantage of free and easy security measures online, but they'll go to great lengths for lackluster security measures in the real world.

