No matter how many times people are warned about the dangers of using terrible passwords, the practice is still incredibly common. That’s the conclusion of Keeper Security, a password management software firm, which has analyzed over 10 million login details leaked online through data breaches that happened in 2016.
As was the case in 2015, the most popular password is still “123456,” which made up an incredible 17 percent of those checked. This is followed in second place by the equally perplexing “123456789.” Easily guessed numbers make up eight of the top ten most popular entries, including “111111” at number five. The only good news is that the ever-present “password,” often found in the top five on these kind of lists, has now dropped to eighth position.
It's noted that seven of the top fifteen passwords are made up of six or fewer characters, allowing brute-force attacks to unscramble them within seconds.
The presence of “18atcskd2w” and “3rjs1la7qe” may seem like something of an anomaly, perhaps an indication that some people are at least trying to make things more difficult for cybercriminals. Sadly, this isn’t the case. It turns out that these more complex passwords are repeatedly used by bots when setting up dummy email accounts for spam and phishing attacks.
"Email providers could do everyone a favour by flagging this kind of repetition and reporting the guilty parties," said Keeper's researchers.
Ultimately, the top 25 passwords have barely changed over the last few years, and while most of us will blame the users who pick them, Keeper Security says that “the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.”
Really, though, everyone should just use a password manager.
Here's the complete list: