Yay! Another year of crap passwords

Douglas Crawford

January 21, 2015

At around this time last year we looked at the appalling passwords chosen by far too many people. Despite the public awareness of Edward Snowden generating an increased interest in bolstering digital security, Splashdata’s new annual report on the 25 most commonly used passwords in 2014 will continue to make criminal hackers very happy.

  1. 123456 (-)
  2. password (-)
  3. 12345 (+17 places)
  4. 12345678 (-1)
  5. qwerty (-1)
  6. 123456789 (-)
  7. 1234 (+9)
  8. baseball (NEW)
  9. dragon (NEW)
  10. football (NEW)
  11. 1234567 (-4)
  12. monkey (+5)
  13. letmein (+1)
  14. abc123 (-9)
  15. 111111 (-8)
  16. mustang (NEW)
  17. access (NEW)
  18. shadow (-)
  19. master (NEW)
  20. michael (NEW)
  21. superman (NEW)
  22. 696969 (NEW)
  23. 123123 (-12)
  24. batman (NEW)
  25. trustno1 (-1)

While trusty old ‘123456’ and ‘password’ hold onto their top places, there is quite a bit of action lower down the chart, including quite a few new entries – perhaps people think that ‘mustang’ is more secure than ‘iloveyou’? Who knows?

Now, while it is all very easy to mock those who use such ridiculously insecure passwords, there is a very serious point to be made. Last year Hold Security found 360 million stolen personal details available for sale online, and this was just one ‘representative sample’ of details found by just one security company!
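For anyone who runs a sign-up form, the list above is most useful as a deny list. The following is an added example (not code from the original post or from Splashdata) that rejects the 25 listed passwords together with the trivial dress-ups people reach for (capitalisation, a year or symbol tacked on, l33t spelling), and generalizes the numeric entries to any straight run or repeated pattern:

```python
import re

# Constructed from the 2014 top-25 list quoted in the post above.
COMMON_PASSWORDS = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}

# Substitutions people use to dress up a dictionary word ("p4$$w0rd").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def variants(candidate):
    """Yield the forms a candidate collapses to once trivial decoration is removed:
    case folding, leading/trailing digits or symbols, and l33t substitutions."""
    base = candidate.lower()
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", base)  # "monkey2014!" -> "monkey"
    for form in (base, trimmed, base.translate(LEET), trimmed.translate(LEET)):
        yield form


def is_run_or_repeat(candidate):
    """True for straight runs ("abcdefgh", "987654321") in either direction and for
    short repeated units ("123123", "696969"); generalizes the numeric list entries."""
    s = candidate.lower()
    if len(s) < 4 or not s.isalnum():
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    if steps in ({1}, {-1}):
        return True
    return any(len(s) % k == 0 and s == s[:k] * (len(s) // k) for k in (1, 2, 3))


def check_password(candidate):
    """Return (accepted, reason). Common passwords and their trivial variants are
    checked first so the reason names the real weakness rather than just length."""
    for form in variants(candidate):
        if form in COMMON_PASSWORDS:
            return False, f"trivial variant of common password {form!r}"
    if is_run_or_repeat(candidate):
        return False, "straight run or repeated pattern"
    if len(candidate) < 8:
        return False, "shorter than 8 characters"
    return True, "ok"
```

The length floor of 8 and the set of l33t substitutions are assumptions for the example; a real deployment would check against a much larger breach-derived list than the 25 entries shown here.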

We do understand that remembering a single genuinely secure password is not easy, let alone the plethora of them we each need to get by in today’s digital world, which is why password managers exist!

These programs generate and store secure passwords, integrating with your browser and syncing with your mobile phone so that you always have easy access to them, no matter which device you are using.

We favour KeePass as an excellent free and open source (FOSS) password manager with a wealth of plugins available to extend its functionality, but do recognize that it is not as user-friendly as commercial alternatives such as 1Password and LastPass (being closed source, these require a level of trust in the companies, but this is still far better than using rubbish passwords!).

Those who consider even using a password manager to be too much of a hassle might want to instead consider using a YubiKey Neo, which implements the open Universal 2nd Factor protocol (FIDO U2F) promoted by the FIDO Alliance. It won’t work on all websites, but support is becoming more common, and it allows you to sign in to services by simply inserting the key into a USB port.