‘123456’ wins Worst Passwords of 2013 Award

Douglas Crawford

January 22, 2014

Mobile password management firm Splashdata has released its annual list of the 25 most common passwords found on the internet, finding that ‘123456’ has knocked the 2012 winner ‘password’ off the dubious number one slot.


The other ‘winners’ are:

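| Rank | Password  | Change from 2012 |
|------|-----------|------------------|
| 11   | 123123    | Up 5             |
| 12   | Admin     | New              |
| 13   | 123456789 | New              |
| 14   | letmein   | Down 7           |
| 15   | photoshop | New              |
| 16   | 1234      | New              |
| 17   | monkey    | Down 11          |
| 18   | shadow    | Unchanged        |
| 19   | sunshine  | Down 5           |
| 20   | 12345     | New              |
| 22   | password1 | Up 4             |
| 23   | princess  | New              |
| 24   | trustno1  | Down 12          |
| 25   | 000000    | New              |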

Splashdata’s CEO Morgan Slain notes that an ‘interesting aspect of this year’s list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies’. In addition to this he noted that ‘Seeing passwords like “adobe123” and “photoshop” on this list offers a good reminder not to base your password on the name of the website or application you are accessing’.
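For a site operator, both of Slain's observations translate into a sign-up check. The sketch below is an added example, not code from Splashdata or the original article: it screens a candidate password against the entries visible on this page, against short digit-only strings, and against the name of the service being signed up for. The function names, the look-alike character map and the eight-digit threshold are assumptions made for illustration.

```python
import re

# Passwords named on this page (the list as quoted here is incomplete).
COMMON_2013 = {
    "123456", "password", "123123", "admin", "123456789", "letmein",
    "photoshop", "1234", "monkey", "shadow", "sunshine", "12345",
    "password1", "princess", "trustno1", "000000", "adobe123",
}

# Assumption: a minimal look-alike map, so "ph0t0sh0p" reads as "photoshop".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "@": "a", "$": "s"})
MIN_NUMERIC_LEN = 8  # assumption: shorter digit-only passwords are rejected


def plain(text):
    """Lowercase and keep only the letters a-z."""
    return re.sub(r"[^a-z]", "", text.lower())


def deleet(text):
    """Like plain(), but first undo common digit/symbol substitutions."""
    return plain(text.lower().translate(LEET))


def screen_password(candidate, service_names):
    """Return the reasons to reject `candidate`; an empty list means it passed."""
    reasons = []
    if candidate.lower() in COMMON_2013:
        reasons.append("common")
    if candidate.isdigit() and len(candidate) < MIN_NUMERIC_LEN:
        reasons.append("short-numeric")
    # Check both forms: "adobe123" matches as plain letters, "Ph0t0sh0p!"
    # only matches after the substitutions are undone.
    forms = {plain(candidate), deleet(candidate)}
    for name in service_names:
        key = plain(name)
        if key and any(key in form for form in forms):
            reasons.append("based-on:" + name)
    return reasons
```

Called as `screen_password("Ph0t0sh0p!", ["Adobe", "Photoshop"])`, it returns `["based-on:Photoshop"]`, while a long unrelated phrase returns an empty list.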

It is truly enough to make any security professional cry. Fortunately, help is at hand…

Some advice on choosing a secure password

Okay, we have all been told this often enough to make us want to pull our hair out – we should use long complex passwords, with combinations of standard letters, capitals and numbers… and we should use a different such password for each service we use… arrgh! Given that many of us find remembering our own name in the morning challenging (as this survey clearly shows), this kind of advice can be considered next to useless.

There are however some fairly easy methods you can use to help improve your password security…

Low tech solutions

  • Insert a random space into your password – this simple measure greatly reduces the chances of anyone cracking your password. Not only does it add one more character that an attacker has to guess, but most would-be crackers assume that passwords consist of one contiguous word, and therefore concentrate their efforts in that direction.
  • Use a phrase as your password – even better, this method lets you add lots of spaces and use many words in an easy to remember manner. Instead of having ‘pancakes’ as your password, you could have ‘I usually like 12 pancakes for breakfast’, which immensely increases your security.
  • Use more than 4 digits in your PIN – where possible, choose PINs that are longer than four digits. As with adding an extra space to a password, this makes the code mathematically much harder to break, and most crackers work on the assumption that only 4 digits are used.

High tech solutions

Where mortals fear to tread, software developers jump in with both feet! There is a plethora of password management programs available, but our picks of the bunch are:

  • Firefox password manager – the password manager built into Firefox is one of the easiest ways to store your passwords for each website you visit, and it works very well. Do be aware however that you should set a master password to prevent just anyone peeking at your passwords in Firefox’s options dialogue. In addition to this, it is probably a good idea to back up your Firefox passwords every now and again.
  • KeePass (multi-platform) – this popular free and open source password manager will generate complex passwords for you and store them behind AES or Twofish encryption. It is a shame that KeePass doesn’t integrate with your browser, but it is possible to import saved Firefox passwords into it. KeePass itself is Windows only, but KeePassX is an open source clone for OS X and Linux, as are iKeePass for iOS and Keepass2Android for Android.