Worst passwords: Is yours on this year’s list?

WASHINGTON — Some people never learn. And, by the way, they’re not very creative.

The 2014 list of worst Internet passwords, as compiled by the security company SplashData, shows many users continue to put themselves at risk with weak, easily guessable passwords.

The worst password of the year, for the second year running: “123456.”

The annual report is compiled from more than 3.3 million leaked passwords during the year.

The second-worst password on the list: “password.”

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” says security expert Mark Burnett, author of “Perfect Passwords.”

“The good news is that it appears that more people are moving away from using these passwords,” says Burnett. “In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

As in past lists, simple numerical passwords remain common, with nine of the top 25 passwords composed of numbers only.

Any password using numbers alone should be avoided, especially sequences, says Morgan Slain, CEO of SplashData.

“As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure,” says Slain.

Passwords appearing for the first time on the annual list are “696969,” “batman” and “access.”

Other tips from the list:

  •  Don’t use a favorite sport or team for a password — “baseball,” and “football” are in the top 10, while “hockey,” “soccer,” “golfer,” “yankees,” “eagles,” “steelers,” “rangers,” and “lakers” are all in the top 100.
  • Don’t use your birthday or especially just your birth year — 1989, 1990, 1991, and 1992 are all in the top 100.
  • Be careful using childrens’ names as passwords — “michael,” “jennifer,” “thomas,””jordan,””hunter,””michelle,””charlie,””andrew,” and “daniel” are all in the top 50.

SplashData’s list of “Worst passwords of 2014”

  1. 123456  (unchanged from 2013)
  2. password  (unchanged)
  3. 12345  (up 17)
  4. 12345678  (down 1)
  5. qwerty  (down 1)
  6. 1234567890 (unchanged)
  7. 1234  (up 9)
  8. baseball  (new)
  9. dragon  (new)
  10. football  (new)
  11. 1234567  (down 4)
  12. monkey  (up 5)
  13. letmein  (up 1)
  14. abc123  (down 9)
  15. 111111  (down 8)
  16. mustang  (new)
  17. access  (new)
  18. shadow  (unchanged)
  19. master  (new)
  20. michael  (new)
  21. superman  (new)
  22. 696969  (new)
  23. 123123  (down 12)
  24. batman  (new)
  25. trustno1  (down 1)

Follow @WTOP and @WTOPtech on Twitter and WTOP’s Facebook Page.

 

 

 

Neal Augenstein

Neal Augenstein has been a general assignment reporter with WTOP since 1997. He says he looks forward to coming to work every day, even though that means waking up at 3:30 a.m.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up