SplashData posts 25 "most popular" passwords of 2012

Jos

We’ve been seeing an unprecedented number of security breaches over the last few years targeting large corporations and individuals alike. That isn’t stopping people from using the most unimaginative and predictable passwords when signing up to a website or online service, however. SplashData has published a list of this year’s 25 most popular (read: worst) passwords based on millions of stolen logins posted online by hackers in 2012.

SplashData hopes the list highlights the importance of choosing a robust password and more people will start taking simple steps to protect themselves. Even though thieves have more sophisticated hacking tools at their disposal today than ever before, they still tend to prefer easy targets, SplashData says.

The list is similar to last year's, but with some new additions in the bottom half such as jesus, ninja, welcome and password1 -- hey, at least more people are taking the advice to combine text and numbers!

1. password (Unchanged)
2. 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)

Naturally, if you're using any of the passwords above, you should change them immediately. Instead, you'll want to use passwords of at least eight characters with mixed alphanumerics, or use short words with spaces (when allowed) or other characters separating them, like "eat cake at 8!" or "car_park_city?".

Perhaps one of the most important (yet less commonly followed) measures to mitigate the risk of being exposed is to never use the same username and password combination on multiple websites. Services such as LastPass or RoboForm can generate a random alphanumeric password for every site and store them in the cloud so you don't have to remember them, while programs such as KeePass can safely store them locally.
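The advice above is only useful if a site actually refuses these passwords, and users who are told "add a capital or a digit" mostly produce Password1, P@ssw0rd or monkey! instead. The following is an added example, not code from SplashData or from this article: a Python check that rejects the 25 passwords above and their trivial disguises by undoing common substitutions, stripping trailing digits and punctuation, and dropping separators before comparing. The leet table, the transforms and the eight-character floor are assumptions for the example.

```python
import re

# The 25 passwords from SplashData's 2012 list as printed above.
SPLASHDATA_2012 = [
    "password", "123456", "12345678", "abc123", "qwerty", "monkey", "letmein",
    "dragon", "111111", "baseball", "iloveyou", "trustno1", "1234567", "sunshine",
    "master", "123123", "welcome", "shadow", "ashley", "football", "jesus",
    "michael", "ninja", "mustang", "password1",
]
DENYLIST = frozenset(SPLASHDATA_2012)

# Substitutions people apply to get past "must contain a digit or symbol"
# rules. Assumed for this example; extend it from your own breach data.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "3": "e",
                      "4": "a", "5": "s", "7": "t", "!": "i"})

_TRANSFORMS = (
    lambda s: s.translate(LEET),            # p@ssw0rd  -> password
    lambda s: re.sub(r"[^a-z]+$", "", s),   # monkey1!  -> monkey
    lambda s: re.sub(r"[^a-z0-9]", "", s),  # let me in -> letmein
)


def variants(candidate: str) -> set:
    """Every form reachable from the candidate by lower-casing and repeatedly
    applying the transforms above. The closure is finite because each
    transform either shortens the string or maps it onto a fixed alphabet."""
    forms = {candidate.lower()}
    while True:
        new = {t(f) for f in forms for t in _TRANSFORMS} - forms
        new.discard("")
        if not new:
            return forms
        forms |= new


def is_denylisted(candidate: str, denylist=DENYLIST) -> bool:
    """True if the candidate, or any trivial variant of it, is on the list."""
    return any(v in denylist for v in variants(candidate))


def check_password(candidate: str, min_len: int = 8):
    """Return (accepted, reason): length floor first, then the denylist."""
    if len(candidate) < min_len:
        return False, f"shorter than {min_len} characters"
    if is_denylisted(candidate):
        return False, "a common password or a trivial variant of one"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["Password1", "P@ssw0rd", "Monkey!", "eat cake at 8!", "car_park_city?"]:
        print(f"{pw!r:20} -> {check_password(pw)}")
```

A real deployment would feed `DENYLIST` from a much larger breach-derived list rather than these 25 entries; the normalization step is what keeps users from satisfying the letter of a complexity rule while choosing the same password everyone else did.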

 
I have 3 main passwords that I use. All of which are around 12-15 characters.
I really hate when websites force me to add numbers and capitalization... It's pointless because most people capitalize the first letter and put a one at the end.
 
I have 3 main passwords that I use. All of which are around 12-15 characters.
I really hate when websites force me to add numbers and capitalization... It's pointless because most people capitalize the first letter and put a one at the end.

I don't think you have a good grasp on password security. You are breaking most of the rules aside from length. These are commonly agreed upon best practices for password security and are not pointless.
 
Darn, they stole my password list ;)

People should just use a password application, there are a ton of free ones that make things easy and secure.
 
Oh crap, I gotta change my password from monkey, I've been caught...
/sarcasm.

If you aren't gonna do caps or numbers, at least make it a reasonably specific password.
 
Ok, I know choosing strong passwords is good and making sure usernames and passwords vary out there. The higher-end security needs REALLY need some sort of two-factor authentication or better. For example, some MMOs have an optional security key, some e-mail systems allow the addition of a cell phone key to tighten security, etc. My bank does not even offer this option. At this point these are all optional, but in the future they could be used to secure one's privacy.

Also, I do write some of my passwords down and keep them in safe places, or they are written down without a clue as to what username, website or program they belong to. They are usually randomly generated gibberish using alphanumerics, caps and symbols, exceeding 16 chars. What do some of you do?
 
I have to admit, I hate it when websites don't let me use special characters. For instance, one of my old instance passwords was $0wh@t<You?G0nnNnnad()@bout[iT] ... When we upgraded to a new host, their archaic UI wouldn't allow it...

If you can't figure out how to program scrubs on special characters / strings in a password field, then don't f'ing code.
 
Working in a cubicled office environment I used to use a password made from a portion of the title of a book that sat in a certain location on a shelf behind my desk. I eventually had to use a different method as the books were popular reads among my co-workers and I'd lose track of the darned book.
 
I have to say here that if companies can collate a list of passwords most commonly used, it makes me worry that a lot of websites aren't using salted password hashes...
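The worry in the comment above is well founded: a frequency count over a leaked table of unsalted hashes reveals the most-used passwords directly, because every user with "password" stores the same hash. The following is an added example, not code posted by the commenter or taken from SplashData: a Python simulation over a constructed eight-user table that compares an unsalted SHA-1 dump with a per-user-salted PBKDF2 dump, counting both how many users share the largest hash cluster and how many hash computations a short wordlist attack costs. The user table, the wordlist slice and the iteration count are assumptions for the example.

```python
import hashlib
import os
from collections import Counter

# Constructed sample of a site's users; five of eight reuse passwords from
# SplashData's list above, three use unique strong ones. Not real data.
USERS = {
    "alice": "password", "bob": "123456", "carol": "password", "dave": "monkey",
    "erin": "password", "frank": "j8#Lq!vz2Rp^mWd", "grace": "letmein",
    "heidi": "Tq4$nB7&xK1!pZ9c",
}

# Constructed wordlist: a slice of the 25 above, enough to show the effect.
WORDLIST = ["password", "123456", "qwerty", "monkey", "letmein", "dragon"]
ITERATIONS = 10_000  # kept low so the demo runs quickly; use far more in production


def unsalted_hash(password: str) -> str:
    """What the commenter fears sites are doing: one SHA-1 of the password."""
    return hashlib.sha1(password.encode()).hexdigest()


def salted_hash(password: str, salt: bytes) -> str:
    """Per-user salt plus a slow KDF; the salt is stored beside the hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS).hex()


def dump_unsalted(users):
    return {u: unsalted_hash(p) for u, p in users.items()}


def dump_salted(users):
    dump = {}
    for user, password in users.items():
        salt = os.urandom(16)          # fresh random salt per user
        dump[user] = (salt, salted_hash(password, salt))
    return dump


def largest_cluster(dump) -> int:
    """How many users share the single most common stored value."""
    return Counter(dump.values()).most_common(1)[0][1]


def crack_unsalted(dump, wordlist):
    """Hash each word once, then look every user up in that table."""
    table = {unsalted_hash(w): w for w in wordlist}
    cracked = {u: table[h] for u, h in dump.items() if h in table}
    return cracked, len(wordlist)      # (recovered passwords, hash computations)


def crack_salted(dump, wordlist):
    """Every (user, word) pair needs its own KDF run; stop at the first hit."""
    cracked, ops = {}, 0
    for user, (salt, stored) in dump.items():
        for word in wordlist:
            ops += 1
            if salted_hash(word, salt) == stored:
                cracked[user] = word
                break
    return cracked, ops


if __name__ == "__main__":
    plain, salted = dump_unsalted(USERS), dump_salted(USERS)
    print("largest identical-hash cluster:", largest_cluster(plain), "vs", largest_cluster(salted))
    print("unsalted attack:", crack_unsalted(plain, WORDLIST))
    print("salted attack:  ", crack_salted(salted, WORDLIST))
```

Salting does not rescue the users on "password"; a wordlist still finds them. What it removes is the shortcut: the attacker can no longer read the popularity of each password off the dump, and every guess has to be recomputed for every user at the KDF's full cost.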
 
I have 3 main passwords that I use. All of which are around 12-15 characters.
I really hate when websites force me to add numbers and capitalization... It's pointless because most people capitalize the first letter and put a one at the end.

I don't think you have a good grasp on password security. You are breaking most of the rules aside from length. These are commonly agreed upon best practices for password security and are not pointless.

Actually, some of those rules are pointless. Capitalisation requires a shift key press which could instead be used for additional characters in your password. Numbers, sure, they can extend the keyspace you are using, but decent password length is much more effective.

If you use 8 characters, upper/lowercase plus numerical digits, you have 62^8 = 2.18 x 10^14 combinations.

If you use 12 characters, all lowercase, no digits, you have 26^12 = 9.5 x 10^16 combinations.

For online systems, if they used a failed attempt lockout policy like what ATMs use, they would be far more secure.
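The lockout policy in the comment above stops the obvious attack, many guesses against one account, but it does nothing against the attack this list actually enables: one guess such as "password" tried once against many accounts, which never trips a per-account counter. The following is an added example, not code posted by the commenter: a small Python login guard with an ATM-style per-account lockout plus a per-source limit on how many different accounts one origin may fail against, run over constructed accounts. Thresholds, account names and source addresses are assumptions for the example.

```python
import time
from collections import Counter, defaultdict


class LoginGuard:
    """Wraps a credential check with a per-account failure lockout and an
    optional per-source spray limit. All thresholds here are assumed."""

    def __init__(self, verify, max_failures=5, lock_seconds=900,
                 spray_limit=None, clock=time.monotonic):
        self.verify = verify              # verify(user, password) -> bool
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.spray_limit = spray_limit    # distinct accounts one source may fail against; None disables
        self.clock = clock
        self.failures = defaultdict(int)  # user -> consecutive failures
        self.locked_until = {}            # user -> time the lock expires
        self.targets = defaultdict(set)   # source -> accounts it has failed against
        self.verify_calls = 0             # how often the real check ran

    def attempt(self, user, password, source):
        now = self.clock()
        if self.locked_until.get(user, 0.0) > now:
            return "locked"               # rejected without checking the password
        if self.spray_limit is not None and len(self.targets[source]) >= self.spray_limit:
            return "throttled"            # this source has failed against too many accounts
        self.verify_calls += 1
        if self.verify(user, password):
            self.failures[user] = 0
            return "ok"
        self.failures[user] += 1
        self.targets[source].add(user)
        if self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lock_seconds
            self.failures[user] = 0
        return "denied"


# Constructed accounts: thirty users with a strong password, except user07 on
# "password"; "victim" is on "sunshine", another entry from the list above.
ACCOUNTS = {f"user{i:02d}": "9v#Lk2!qRz%p" for i in range(30)}
ACCOUNTS["user07"] = "password"
ACCOUNTS["victim"] = "sunshine"
TOP_GUESSES = ["password", "123456", "12345678", "abc123", "qwerty",
               "monkey", "letmein", "dragon", "111111", "baseball"]


def verify(user, password):
    return ACCOUNTS.get(user) == password


def brute_force(guard, user, guesses, source="198.51.100.7"):
    """Many guesses against one account: what the lockout is built for."""
    return Counter(guard.attempt(user, g, source) for g in guesses)


def spray(guard, password, source="198.51.100.8"):
    """One guess against many accounts: slides under a per-account lockout."""
    return Counter(guard.attempt(u, password, source) for u in ACCOUNTS if u != "victim")


def demo():
    lockout_only = LoginGuard(verify)
    with_spray_limit = LoginGuard(verify, spray_limit=10)
    return {
        "brute_force": brute_force(lockout_only, "victim", TOP_GUESSES),
        "spray_lockout_only": spray(lockout_only, "password"),
        "spray_with_limit": spray(with_spray_limit, "password"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} {dict(result)}")
```

With lockout alone, the spray checks all thirty accounts and lands on user07; the per-source limit cuts it off after ten failures, at the price that a legitimate user behind the same address is throttled too. Per-account lockout also hands an attacker a denial-of-service lever, which is why real systems pair it with rate limits and second factors rather than relying on it by itself.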