(Piranka/E+/Getty)
Internet security company SplashData has released its annual list of the worst passwords that people use for online accounts. There are the usual classics that make the list every year—”123456″ and “password” are perennial favourites—but flashy new entries like “mustang”, “dragon” and “696969” have now broken into the top 25.
Choosing a more secure password can be a hassle, and there’s evidence that even the strongest ones aren’t really that strong. Still, SplashData provides a few pointers.
- Don’t use a favorite sport as your password – “baseball” and “football” are in top 10, and “hockey,” “soccer” and “golfer” are in the top 100. Don’t use a favorite team either, as “yankees,” “eagles,” “steelers,” “rangers,” and “lakers” are all in the top 100.
- Don’t use your birthday or especially just your birth year—1989, 1990, 1991, and 1992 are all in the top 100.
- While baby name books are popular for naming children, don’t use them as sources for picking passwords. Common names such as “michael,” “jennifer,” “thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in the top 50.
The worst, most insecure passwords of 2014:
| 2014 Rank | Password | Change from 2013 |
|---|---|---|
| 1 | 123456 | - |
| 2 | password | - |
| 3 | 12345 | ▲ 17 |
| 4 | 12345678 | ▼ 1 |
| 5 | qwerty | ▼ 1 |
| 6 | 1234567890 | - |
| 7 | 1234 | ▲ 9 |
| 8 | baseball | new |
| 9 | dragon | new |
| 10 | football | new |
| 11 | 1234567 | ▼ 4 |
| 12 | monkey | ▲ 5 |
| 13 | letmein | ▲ 1 |
| 14 | abc123 | ▼ 9 |
| 15 | 111111 | ▼ 8 |
| 16 | mustang | new |
| 17 | access | new |
| 18 | shadow | - |
| 19 | master | new |
| 20 | michael | new |
| 21 | superman | new |
| 22 | 696969 | new |
| 23 | 123123 | ▼ 12 |
| 24 | batman | new |
| 25 | trustno1 | ▼ 1 |
For the truly paranoid, password-management software—such as the kind that SplashData sells—is usually the most practical option (other providers include LastPass and 1Password). Password managers will generate long random passwords for all your accounts and remember them in an encrypted database for you. There’s no perfect password—yet—but you can take some sensible steps to secure your data. “trustno1” is a terrible password, but pretty good advice.
MORE ON PASSWORDS:
