So sadly, but also unsurprisingly ‘123456’ is still the most common password for 2015 (based on leaked password lists) the same as it was in years before, e.g. The 25 Worst Passwords Of 2013 – “password” Is Not #1.
Way back in 2006, it clocked in at number 5 in a rather UK centric look at passwords. Interestingly, back in 2006 a weaker version of the same password was number 1, I think 6 digit password requirements hadn’t become commonplace yet.
SplashData has announced the 2015 edition of its annual “Worst Passwords List” highlighting the insecure password habits of Internet users. “123456” and “password” once again reign supreme as the most commonly used passwords, as they have since SplashData’s first list in 2011, demonstrating how people’s choices for passwords remain consistently risky.
In SplashData’s fifth annual report, compiled from more than 2 million leaked passwords during the year, some new and longer passwords made their debut – perhaps showing an effort by both websites and web users to be more secure. However, the longer passwords are so simple as to make their extra length virtually worthless as a security measure.
The top 10 most commonly used passwords for 2015:
1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball
And as you can see this year, 8 characters minimums must have become a thing with 12345678 clocking in at 6th place.
You’d think with all the massive, extremely messy, public hacks that have taken place – people would have wised up a little. But then I always forgot the number of stupid people is a constant, so the more people come on-line or use computers, the greater the absolute number of idiots there are.
The only thing I’m glad about is that football is more popular than baseball.
As for preventing this, use a password generator (preferably the one inside your password manager, because you are using a password manager right?), use separate passwords per site (easier with a password manager), don’t use predictable passwords (yourname, yourname1 etc for each different site).
Source: SplashData
Bruno says
This kind of news does not surprise me, and that is right, this number of people is a constant, so there is difficult to prevent this.
“The only thing I’m glad about is that football is more popular than baseball.”
That is right! :) Me too!
Dan says
I would expect the main cause of these simple passwords to be from bots signing up on websites to post spam.
Darknet says
Nope, more likely humans, bots can use complex passwords and ‘remember’ them because they are state aware computer programs.