Followers of Bach Seat know that passwords suck. For even more proof that passwords suck, the password-management company SplashData released its fifth annual list of the most popular passwords. SplashData studied more than 2 million passwords that were leaked in 2015 and identified the most commonly leaked passwords and those that were least secure from Western European and North American users according to Business Insider.
2015’s worst passwords
Most of the 2015 results are not surprising.
- 123456 is the most common password. It has been #1 since 2013.
- Password is the second most common password. It too has been #2 since 2013. Password was the most common password in 2012 and 2011.
- 12345678 is the third most common password found in the Splash data results. In fact, 12345678 has been the most consistent performer, having been in the #3 place four of the past five years.
One surprise was that the Disney marketing machine was able to get Star Wars related terms into the top 25 worst passwords in 2015.
- princess
- solo
- starwars
Here’s SplashData’s full list. If your password is on here, think about changing it.
25 Worst passwords
| 2015 | 2014 | 2013 | 2012 | 2011 | |
|---|---|---|---|---|---|
| 1 | 123456 | 123456 | 123456 | password | password |
| 2 | password | password | password | 123456 | 123456 |
| 3 | 12345678 | 12345 | 12345678 | 12345678 | 12345678 |
| 4 | qwerty | 12345678 | qwerty | 1234 | qwerty |
| 5 | 12345 | qwerty | abc123 | qwerty | abc123 |
| 6 | 123456789 | 123456789 | 123456789 | 12345 | monkey |
| 7 | football | 1234 | 111111 | dragon | 1234567 |
| 8 | 1234 | baseball | 1234567 | pussy | letmein |
| 9 | 1234567 | dragon | iloveyou | baseball | trustno1 |
| 10 | baseball | football | adobe123 | football | dragon |
| 11 | welcome | 1234567 | 123123 | letmein | baseball |
| 12 | 1234567890 | monkey | admin | monkey | 111111 |
| 13 | abc123 | letmein | 1234567890 | 696969 | iloveyou |
| 14 | 111111 | abc123 | letmein | abc123 | master |
| 15 | 1qaz2wsx | 111111 | photoshop | mustang | sunshine |
| 16 | dragon | mustang | 1234 | michael | ashley |
| 17 | master | access | monkey | shadow | bailey |
| 18 | monkey | shadow | shadow | master | passw0rd |
| 19 | letmein | master | sunshine | jennifer | shadow |
| 20 | login | michael | 12345 | 111111 | 123123 |
| 21 | princess | superman | password1 | 2000 | 654321 |
| 22 | qwertyuiop | 696969 | princess | jordan | superman |
| 23 | solo | 123123 | azerty | superman | qazwsx |
| 24 | passw0rd | batman | trustno1 | harley | michael |
| 25 | starwars | trustno1 | 000000 | 1234567 | football |
Protect yourself
To keep your passwords secure, you definitely shouldn’t use any of the passwords on the list.
SplashData offers three simple tips to help people protect themselves:
- Use passwords or passphrases of twelve characters or more with mixed types of characters;
- Avoid using the same password over and over on different websites
- Use a password manager such as SplashID to organize and protect passwords, generate random passwords, and automatically log into websites.
rb-
What to do if you are responsible for securing systems where your users use these passwords? Stop Them!
This is what makes passwords suck – Implement complexity rules:
- Minimum of 8 characters
- A mix of characters, UPPER CASE, lower case, numbers, and special characters.
- Prevent reusing passwords
- Blacklist all the above passwords so they can never be used again.
Related articles
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.