Worst passwords of 2018 revealed, '123456' retains top spot

[midian182]

Facepalm: We’ve already seen the year’s biggest password fails; now, the 100 worst passwords of 2018 have been revealed. For the fifth year in a row, “123456” remains in the number one spot and “password” is at number two, which will no doubt be welcome news to hackers.

Earlier this week, password management company Dashlane put together a list of the “worst password offenders” from this year, in which Kanye West came top for exposing his “000000” iPhone passcode during a meeting with Donald Trump. Now, software company SplashData has released its annual “worst password” list.

SplashData came up with these atrocities by analyzing over 5 million leaked passwords, most of which originate from North American and Western European users. It says around 10 percent of people have used at least one of the top 25 passwords shown here, while about 3 percent are guilty of using “123456.”

The top two worst passwords remain the same, but there are some new entries. The satanic-themed “666666” comes in at number 14, the charming if ill-advised “princess” is at 11, and “donald” ranks at number 23.

"Sorry, Mr. President, but this is not fake news -- using your name or any common name as a password is a dangerous decision," said SplashData CEO Morgan Slain. "Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online, because they know so many people are using those easy-to-remember combinations."

With so much publicity over massive data hacks, and given the large number of password managers available, Slain says it’s “a real head-scratcher” as to why people continue to use these terrible passwords.

Here are the top 25 worst passwords from Splashdata’s list:

1) 123456
2) password
3) 123456789
4) 12345678
5) 12345
6) 111111
7) 1234567
8) sunshine
9) qwerty
10) iloveyou
11) princess
12) admin
13) welcome
14) 666666
15) abc123
16) football
17) 123123
18) monkey
19) 654321
20) !@#$%^&*
21) charlie
22) aa123456
23) donald
24) password1
25) qwerty123

Permalink to story.

https://www.techspot.com/news/77864-worst-passwords-2018-revealed-123456-retains-top-spot.html

 

[Uncle Al]

Well thank goodness! At least there is one thing you can count on from year to year!

 

[petert]

Go Kanye; go Kanye ...

 

[Bill Nguyen]

What's a good way to stay secure? Password managers?
Is there some kind of add-on fingerprint dealy you can buy for a Windows PC that just let's you use it instead of a password for websites? Seems it'd be secure and convenient.

 

[DelJo63]

One of the BEST patterns for creating a good password is:

• a length of 8 or more
• at lease one Upper case character
• at lease one lower case character
• at lease one number
• and at lease one special character like {#$*+-=}

Using a prefix and suffix that is meaningful to you with separators of numbers and special chars, your favorite root pwd becomes very secure.

 

[petert]

One of the BEST patterns for creating a good password is:

• a length of 8 or more
• at lease one Upper case character
• at lease one lower case character
• at lease one number
• and at lease one special character like {#$*+-=}

Using a prefix and suffix that is meaningful to you with separators of numbers and special chars, your favorite root pwd becomes very secure.

I use keepassx and it is a pain in a@@. Whenever I need to access a website, I need to open keepassx and copy the passwords which are randomly generated, and I cannot remember them all. Not to mention that I am synchronizing the password database using dropbox - I need to pay attention and close the program each time otherwise it will lock it down or save it as a new database - a even bigger pain in the a@@ to manually merge afterwards.
Safety is painful. So, maybe we should all go Kanye ...

 

[Chesterfried]

Charlie beat out Donald?! IT'S RIGGED!

 

[DelJo63]

I use keepassx and it is a pain in a@@. Whenever I need to access a website, I need to open ...

IMO, that all argues for a pattern I can remember :grin:

 

[dj2017]

Damn, someone posted online the full list with my passwords.

 

[Lew Zealand]

Correcthorsebatterystaple

 

[BigRedPDX]

What's a good way to stay secure? Password managers?
Is there some kind of add-on fingerprint dealy you can buy for a Windows PC that just let's you use it instead of a password for websites? Seems it'd be secure and convenient.

You could try biometrics, but really all it will do is link your fingerprint to a password. I am pretty sure there are biometric scanners that are USB run.

https://www.amazon.com/dp/B078WTZJL3/?tag=httpwwwtechsp-20

 

[Axiarus]

One of the BEST patterns for creating a good password is:

• a length of 8 or more
• at lease one Upper case character
• at lease one lower case character
• at lease one number
• and at lease one special character like {#$*+-=}

Using a prefix and suffix that is meaningful to you with separators of numbers and special chars, your favorite root pwd becomes very secure.

I use keepassx and it is a pain in a@@. Whenever I need to access a website, I need to open keepassx and copy the passwords which are randomly generated, and I cannot remember them all. Not to mention that I am synchronizing the password database using dropbox - I need to pay attention and close the program each time otherwise it will lock it down or save it as a new database - a even bigger pain in the a@@ to manually merge afterwards.
Safety is painful. So, maybe we should all go Kanye ...

I use Keeper and it autofills...

 

[MustGoFishin]

Totally fake report!
I have 100's of accounts and none of them will allow 123456 or password as a password.
Any program that allows these password has nothing to protect, the information is worthless to a thief!

 

[cliffordcooley]

Charlie beat out Donald?! IT'S RIGGED!

Just think it could have been Hillary.

People using these passwords are likely still in school or have nothing to loose by using them.

 

[Malakai2k]

I can't wait for implants to become a universal thing. A physical device that you don't need to remember to take with you and that you can't lose. It's just a matter of making the hardware to read the implants available in everything.