Yay! Another year of crap passwords

At around this time last year we looked at the appalling passwords chosen by far too many people. Despite public awareness of Edward Snowden generating an increased interest in bolstering digital security, SplashData’s new annual report on the 25 most commonly used passwords in 2014 will continue to make criminal hackers very happy.

  1. 123456 (-)
  2. password (-)
  3. 12345 (+17 places)
  4. 12345678 (-1)
  5. qwerty (-1)
  6. 123456789 (-)
  7. 1234 (+9)
  8. baseball (NEW)
  9. dragon (NEW)
  10. football (NEW)
  11. 1234567 (-4)
  12. monkey (+5)
  13. letmein (+1)
  14. abc123 (-9)
  15. 111111 (-8)
  16. mustang (NEW)
  17. access (NEW)
  18. shadow (-)
  19. master (NEW)
  20. michael (NEW)
  21. superman (NEW)
  22. 696969 (NEW)
  23. 123123 (-12)
  24. batman (NEW)
  25. trustno1 (-1)

While trusty old ‘123456’ and ‘password’ hold onto their top places, there is quite a bit of action lower down the chart, including quite a few new entries – perhaps people think that ‘mustang’ is more secure than ‘iloveyou’? Who knows?

Now, while it is all very easy to mock those who use such ridiculously insecure passwords, there is a very serious point to be made. Last year Hold Security found 360 million stolen personal details available for sale online, and this was just one ‘representative sample’ of details found by just one security company!

We do understand that remembering a single genuinely secure password is not easy, let alone the plethora of them we each need to get by in today’s digital world, which is why password managers exist!

These programs generate and store secure passwords, integrating with your browser and syncing with your mobile phone so that you always have easy access to them, no matter which device you are using.
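As an added example (not code from the original article or from SplashData), the Python below screens a candidate password against the 25 entries listed above and the simple patterns they share, then generates a random replacement the way a password manager would. The function names, the substitution table, the keyboard rows and the 8-character minimum are assumptions made for the example.

```python
import secrets
import string

# The 25 passwords from the list above.
COMMON = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}
# Assumed substitution table and keyboard rows (not from the article).
LEET = str.maketrans("@4$50317", "aassoeit")
ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def weakness(password):
    """Return a short reason if the password is guessable, else None."""
    p = password.lower()
    # Also try the password without trailing digits/symbols ("Dragon2014").
    stem = p.rstrip(string.digits + string.punctuation)
    for form in (p, stem, p.translate(LEET), stem.translate(LEET)):
        if form in COMMON:
            return "on the common-password list: " + form
    if len(p) < 8:  # assumed minimum length
        return "too short"
    # Every neighbouring pair steps by +1 or by -1: "87654321", "abcdefgh".
    steps = {ord(b) - ord(a) for a, b in zip(p, p[1:])}
    if steps in ({1}, {-1}):
        return "character sequence"
    # A chunk of 1 to 3 characters repeated throughout: "69696969".
    for n in (1, 2, 3):
        if len(p) % n == 0 and p == p[:n] * (len(p) // n):
            return "repeated pattern"
    if any(p in row for row in ROWS):
        return "keyboard row"
    return None


def generate(length=20):
    """Random password from the OS CSPRNG, as a password manager would create."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if weakness(candidate) is None:
            return candidate
```

A return value of `None` only means the password avoided these particular checks; real deployments screen against far larger lists of leaked passwords.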

We favour KeePass as an excellent free and open source (FOSS) password manager with a wealth of plugins available to extend its functionality, but we do recognize that it is not as user-friendly as commercial alternatives such as 1Password and LastPass. Being closed source, these require a level of trust in the companies behind them, but this is still far better than using rubbish passwords!

Those who consider even using a password manager to be too much of a hassle might want to instead consider using a YubiKey Neo, which implements the open Universal 2nd Factor protocol (FIDO U2F) promoted by the FIDO Alliance. It won’t work on all websites, but support is becoming more common, and it allows you to sign in to services by simply inserting the key into a USB port.

Douglas Crawford I am a freelance writer, technology enthusiast, and lover of life who enjoys spinning words and sharing knowledge for a living. Find me on Google+

4 responses to “Yay! Another year of crap passwords”

      1. Either you have a huge number of readers, enough to bring down the server at http://trlq.org/, or something weird is happening over there. I got a “this page not available” error when I used your http://trlq.org/passwords link and when I closed the page, I got a popup offering a special deal on VPN services – but it was unsigned and looked more like an email address harvester than a real offer. Just thought you’d want to know. Even if your readers brought down their server, that somewhat “off” unsigned offer raised an alarm. Besides, shouldn’t any passwording service use HTTPS, not HTTP? When I tried HTTPS out of curiosity, I got a warning: “Your connection is not private,” and at the bottom, “NET::ERR_CERT_AUTHORITY_INVALID” – I’m thinking maybe don’t bother to go back.
