“Password” and “123456” are still among the worst passwords being used on the internet, exposing millions of users to being hacked or having their identities stolen, according to research released this week from security services company SplashData.
The most common passwords, compiled from more than 3.3 million passwords leaked during the last year, show users are not heeding advice to create more unique and secure codes.
Both “password” and “123456” have held the top two spots each year since SplashData’s first list in 2011. The list also shows the continued popularity of numerical passwords and single words such as “football”, “dragon” and “monkey”.
The passwords evaluated by SplashData were from users in North America and Western Europe.
Bill Mann, chief product officer at data security firm Centrify, told SmartCompany that hacking was becoming more common, and that good, unique passwords were the key to protecting yourself against such a hack.
“The reason having a unique password is important is to keep the bad guys out,” says Mann. “They know what passwords to try and they will try them.”
“It’s kind of like putting a cheap padlock on your front door,” Mann adds.
Mann says the best passwords use a combination of letters, numbers and capitalisation, and are often best based on phrases or sentences well known to the user.
“Use a phrase or a sentence that means something to you so you can remember, not your kid’s name,” he says.
Mann also highly recommends using different passwords for each account you have. He says businesses can also take advantage of services like Centrify, which control employees’ access through one central account, meaning staff only need to remember one password.
Sieng Chye Oh, malware researcher at digital protection company ESET, also agreed a good password is the first line of defence against digital theft.
“In the digital age, keeping your online property secure is just as important as your physical possessions,” he says.
“You wouldn’t leave your front door open, so why make it easy for people to get into your email, bank or Wi-Fi?”
His top tip for creating a strong password involves using an acronym of your favourite saying, interspersed with numbers and symbols, so it looks like gibberish.
“An example could be ‘roses are red and violets are blue’ and if your favourite number is 10, you could set your password as ‘10RaR&VaB10’. This is both long and extremely difficult to guess, but very easy to remember,” he says.
| Rank | Password | Change in rank |
|---|---|---|
| 1 | 123456 | No Change |
| 2 | password | No Change |
| 3 | 12345 | Up 17 |
| 4 | 12345678 | Down 1 |
| 5 | qwerty | Down 1 |
| 6 | 123456789 | No Change |
| 7 | 1234 | Up 9 |
| 8 | baseball | New |
| 9 | dragon | New |
| 10 | football | New |
| 11 | 1234567 | Down 4 |
| 12 | monkey | Up 5 |
| 13 | letmein | Up 1 |
| 14 | abc123 | Down 9 |
| 15 | 111111 | Down 8 |
| 16 | mustang | New |
| 17 | access | New |
| 18 | shadow | Unchanged |
| 19 | master | New |
| 20 | michael | New |
| 21 | superman | New |
| 22 | 696969 | New |
| 23 | 123123 | Down 12 |
| 24 | batman | New |
| 25 | trustno1 | Down 1 |