At the beginning of each year there are any number of “top lists” published, such as the previous year’s top people, movies, or trends. One of my favorites is passwords. SplashData, a password management company, just released its annual list of the worst passwords of 2015.
In the last few years there have been regular reports of massive security breaches and 2015 was no exception. You might think by now everyone would have started using more secure and complex passwords. Sadly, the data gathered from these security breaches shows that people are just not taking the hint.
SplashData’s list is based on over 2 million passwords that were leaked online last year. The list identifies a few trends.
Users are coming up with longer passwords – well done! Unfortunately, those longer passwords are not complex. One example is the password “1234567890” which, while 10 digits long, is more than useless as it can easily be replicated by just typing the numbers in order on a keyboard.
Another trend that has continued from previous years is the use of easily recognized words like “baseball,” “monkey,” or one of my personal favorites – “starwars.” Good passwords make, simple words do not (be sure to read that in your best Yoda voice).
The List
Reproduced below for your enjoyment is SplashData’s complete list of the 25 worst passwords for 2015:
- 123456
- password (A classic. I keep thinking this will drop off the list and yet here it is, at #2!)
- 12345678
- qwerty
- 12345
- 123456789
- football
- 1234
- 1234567
- baseball
- welcome
- 1234567890
- abc123
- 111111
- 1qaz2wsx (This may appear to be complex, however if you look on the left side of your keyboard you will see this is just a sequential list of keys from top to bottom starting with the number 1.)
- dragon
- master
- monkey (Who doesn’t love monkeys?)
- letmein
- login
- princess
- qwertyuiop
- solo
- passw0rd (The “0” isn’t fooling anyone.)
- starwars
Uh oh! My password is on this list…what do I do?
Yes, you should feel embarrassed if your password is on this list! I might log into your account just to teach you a lesson. Seriously though, if you think your password isn’t secure enough, here are a few basic rules you should follow to make sure your password is secure:
Make it long.
As you might imagine, there are varying opinions on how long a password should be but most information security experts agree your passwords should be at the very least 12 characters long and more often 16 characters or more. The general rule of thumb is the longer the better.
Make it random.
You should definitely avoid creating passwords that incorporate common words as these are the easiest for hackers to guess, especially if you use names of family members, pets or friends.
Make it complex.
The more complex a password is, the less likely it is to be compromised. Most online accounts require some form of complexity in passwords, such as including capital letters, special characters, and numbers. A typical complex password might look something like this: g8ypZ[zM!c4./Dje. If you have trouble coming up with a complex password, try a password generator.
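As an added example (not part of the original post or of any tool it mentions), here is a Python check that applies the three rules above and also catches the keyboard walks and look-alike swaps called out in the list. The word list is a subset of the passwords quoted here; the US QWERTY layout, the substitution table, the three-of-four character class threshold and the `weaknesses` function name are assumptions made for the example.

```python
import re

# Constructed subset of the worst-password list quoted in this post.
WORST = ["123456", "password", "qwerty", "football", "baseball", "welcome",
         "abc123", "dragon", "master", "monkey", "letmein", "login",
         "princess", "solo", "starwars"]

# Assumption: US QWERTY layout. Rows left to right, then columns top to bottom.
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
COLUMNS = "".join("".join(col) for col in zip(*ROWS))  # "1qaz2wsx3edc..."
WALKS = ROWS + [COLUMNS]
WALKS += [w[::-1] for w in WALKS]  # also catch walks typed backwards

# Undo common look-alike substitutions, e.g. "passw0rd" -> "password".
LEET = str.maketrans("0134@5$7", "oieaasst")
CLASSES = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")


def weaknesses(pw, min_len=12):
    """Return the reasons a password fails the rules above (empty list = passes)."""
    found = []
    low = pw.lower()
    if len(pw) < min_len:
        found.append("too short")
    # A listed word anywhere in the password, with or without look-alike swaps.
    if any(w in low or w in low.translate(LEET) for w in WORST):
        found.append("common word")
    # The whole password is one run along a keyboard row or down its columns.
    if len(low) >= 4 and any(low in walk for walk in WALKS):
        found.append("keyboard walk")
    if len(set(low)) == 1:
        found.append("repeated character")
    # Require at least three of: lowercase, uppercase, digit, symbol.
    if sum(bool(re.search(p, pw)) for p in CLASSES) < 3:
        found.append("low complexity")
    return found


if __name__ == "__main__":
    for candidate in ["1qaz2wsx", "passw0rd", "1234567890", "g8ypZ[zM!c4./Dje"]:
        print(candidate, "->", weaknesses(candidate) or "no obvious weakness")
```

An empty result only means none of these specific patterns matched; it does not prove a password is strong.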
Great. Now I have a long, random, complex password that I will never, ever remember.
I hear you. But don’t worry, there are any number of tools available to help you manage all of your passwords. Your best bet is to use a password manager, which allows you to store all of your passwords securely and logs into your accounts for you. A few popular options are LastPass, Dashlane and KeePass.
Obviously, making sure your online accounts are secure isn’t exactly, but following the basic rules I’ve mentioned isn’t too difficult and it’s far better than dealing with the aftermath of a hacked account.
Brian Rugg
Vice President, Think Big Go Local, Inc.
My focus is on web site design and usability, search engine optimization, and content strategy. More than just building a flashy website, I strive to make sure my work accurately reflects our clients’ brand and message to help drive sales.