Home › News › Security
SplashData reveals 2011's 25 worst passwords
Reaffirming a smaller study released earlier this year, SplashData has published a list of this year's 25 worst passwords. We've seen countless security breaches this year and in many of those cases, the hackers released the stolen data online. SplashData has used that information to compile its list. Although some of the swiped passwords were shamelessly stored in plaintext, most were encrypted. In other words, for the following passwords to even make it on the top 25 list, they must have been cracked. That just further illustrates how worthless they are:
| 1. password | 6. monkey | 11. baseball | 16. ashley | 21. 654321 |
| 2. 123456 | 7. 1234567 | 12. 111111 | 17. bailey | 22. superman |
| 3. 12345678 | 8. letmein | 13. iloveyou | 18. passw0rd | 23. qazwsx |
| 4. qwerty | 9. trustno1 | 14. master | 19. shadow | 24. michael |
| 5. abc123 | 10. dragon | 15. sunshine | 20. 123123 | 25. football |
Naturally, if you're using any of those passwords, you should change them immediately. SplashData offers other tips on securing your Web accounts. For starters, you'll want to use passwords of at least eight characters or more with mixed alphanumerics. Without the help of a service such as LastPass or RoboForm it can be difficult to remember long, randomly generated strings of text. SplashData suggests using memorable short words separated by spaces or other characters such as "eat cake at 8!" or "car_park_city?". Programs such as KeePass can safely store your passwords locally.
"Hackers can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft," said SplashData CEO Morgan Slain. "What you don't want is a password that is easily guessable. If you have a password that is short or common or a word in the dictionary, it's like leaving your door open for identity thieves." With attackers on the prowl this holiday season, it's a great time to secure your accounts.
In a completely anecdotal side note, I feel compelled to mention that it seems some people are lured into a false sense of invincibility online. Perhaps it's because of the Web's relative anonymity, their general misunderstanding of the technology, or both. Many of the same individuals would cling to symbols of real world security -- be that an easily bypassed $10 door lock or forfeiting civil liberties to travel. Point being: it's odd that many people don't take advantage of free and easy security measures online, but they'll go to great lengths for lackluster security measures in the real world.
User Comments (17)
Post a comment|
cliffordcooley
on November 21, 2011 6:56 PM |
With attackers on the prowl this holiday season, it's a great time to secure your accounts. After all attackers only prowl during the holiday seasons. If you are going to use a less secure password, don't do it during the holiday season. Honestly why did the holiday season find its way into this article? Attackers prowl everyday not just the holidays. It was a nice read until I found my way to that sentence. A scare tactic during the holiday while the topic is just as important outside the holiday. |
|
Matthew
on November 21, 2011 7:16 PM |
It's not a scare tactic, it's reality. Cybercrime increases during the holiday season. Why? We're entering the busiest e-commerce period of the year. There are more people shopping -- that includes more clueless people to prey on. That's beyond the fact that for most families, it'd undoubtedly suck more to have their savings stolen ahead of Christmas than, say, April. You think I'm fear mongering and frankly, I think you're looking for something to complain about. |
|
ramonsterns
on November 21, 2011 8:09 PM |
You both make fine points and I respect your opinions, but anyone who uses these passwords deserves to have their savings drained. |
|
Matthew
on November 21, 2011 8:21 PM |
I agree ramon. There are instances where people take security seriously but still get scammed or whatever and I won't go as far as saying they *all* get what they have coming to them. But most victims of these crimes lack personal responsibility. They have lousy passwords, shady browsing habits, poor judgement when opening emails etc. If someone is going to enter their private information online, they need to understand the risks and do what they can to mitigate them. Unfortunately, that's asking too much of some individuals. It's a scary world. There's always been bad guys and there always will be. Likewise, there's always been reckless fools and there always will be. |
|
lawfer
on November 21, 2011 9:10 PM |
cliffordcooley said: With attackers on the prowl this holiday season, it's a great time to secure your accounts. After all attackers only prowl during the holiday seasons. If you are going to use a less secure password, don't do it during the holiday season. Honestly why did the holiday season find its way into this article? Attackers prowl everyday not just the holidays. It was a nice read until I found my way to that sentence. A scare tactic during the holiday while the topic is just as important outside the holiday. I disagree with this. Matthew pretty much took the words out of my mouth. And while I sometimes (unbiasedly) criticize Techspot, I can clearly see that, at least on that comment, you seem to just want to complain about something, but don't quite make it clear. |
|
cliffordcooley
on November 21, 2011 10:11 PM |
That doesn't change the fact that attackers are always the prowl and it's always a good time to secure your accounts. The article needs to sound as if it is still just as relevant in January as it does in December. Since you think my warning to everyone in January is a complaint against the article, I have nothing further to say. |
|
Cota
on November 21, 2011 10:25 PM |
There's no need to make a strong password since most of people get Keylogged or puts his passwords in fake web pages, of if you put your data unprotected and un-encrypted (yes SONY its you duh!) Most of mail/payment/security web services have protection measures for brute force attacks, so why bother whit strong security passwords if the user is gona give away his password or if companies have mediocre secirity and get nailed by simple and very easy attacks? (yes SONY its about you again) |
|
Guest
on November 21, 2011 11:13 PM |
Personally, I use "blank" for all my passwords... I've never gotten hacked yet. |
|
lawfer
on November 22, 2011 12:13 AM |
cliffordcooley said: That doesn't change the fact that attackers are always the prowl and it's always a good time to secure your accounts. The article needs to sound as if it is still just as relevant in January as it does in December. Since you think my warning to everyone in January is a complaint against the article, I have nothing further to say. You say "that doesn't change the fact..." What is that? I presume that is Matthew's argument. When you say "that doesn't change the fact," without directly countering it, you indirectly agree with it. So how can you agree with (or in part of) an argument, and call it inconsequential to an argument this very argument counters? Matthew never said, or even implied, attackers don't prowl on a regular basis. He simply stated they are more rampant due to the holidays. Nothing more, nothing less. Your second point is that, apparently, this article does not seem to point out that security habits should be maintained throughout the year, and not only on the holidays. While true, why is the mere emphasis on security during the holiday (due to the aforementioned reasons, the ones, which I might add, you "agree" on) such a problem to you? How does this reminder take away the fact that attackers do still attack in other times of the year? I fail to see the connection. While, granted, users should always make harder-to-guess passwords, the reminder at this holiday time is definitely pertinent. Since you think my warning to everyone in January is a complaint against the article, I have nothing further to say. What...? |
|
Wendig0
on November 22, 2011 12:30 AM |
cliffordcooley said: The article needs to sound as if it is still just as relevant in January as it does in December.
Here's a thought, edit your own articles when you run your own popular tech website. Cue bad "Everyone's a critic" line. |
|
ramonsterns
on November 22, 2011 3:25 AM |
Alright guys, ease off a bit. |
|
Guest
on November 22, 2011 3:40 AM |
I think cliffordcooley actually had a password in your list, which is why he replied. |
|
herpaderp
on November 22, 2011 6:49 AM |
^ lol @ guest, also, did someone just get lawfered AGAIN? You're on a roll man. |
|
slh28
on November 22, 2011 9:17 AM |
I guess ashley and michael are the most popular names then. |
|
Guest
on November 22, 2011 3:33 PM |
I use RoboForm, love that password manager. |
|
Guest
on November 22, 2011 4:20 PM |
that might change soon... |
|
rculver9056
on November 25, 2011 12:58 PM |
Guest said: I use RoboForm, love that password manager. Me too.. Remembers 'em, syncs 'em, the lot. And try a brute force attack on something like "ilKLv^G@fBAw9h5$F439" One of the best programs I have ever come accross. |
Most Popular
| Trending | Featured |
-
iOS 5.1.1 untethered jailbreak tool released, supports 4S, iPad 3
-
After five days, Facebook ranks as worst IPO flop of the decade
-
Rumor: AMD "Piledriver" FX CPU production to begin Q3 2012
-
Is Apple's USB wall adapter really worth $29?
-
Google warns users infected with DNSChanger malware, provides help
Editors' Mouse Picks
Subscribe to TechSpot
Get free exclusive content, learn about new features and tech breaking news.
