Besides the usual suspects among the worst of passwords, a handful of notable – but similarly poor – choices make their debuts.
Password security company SplashData has released its annual list of the most commonly used passwords on the web, and the picture isn’t pretty.
The number one spot belongs to ‘123456’, which is followed by another maddeningly obvious choice, ‘password’. In fact, these two are stalwarts of the most common passwords, having claimed the first two spots for the fifth year in a row.
The next five places are occupied by some of the easiest-to-remember (and guess) assortments of numbers. The coldness of numbers contrasts with some of the next highly-popular choices – ‘sunshine’, ‘iloveyou’ and ‘princess’, with the first and the third of them representing new additions to the list. Unfortunately, despite oozing oodles of optimism, these passwords don’t inspire much confidence in that the netizens using them cultivate some of the most fundamental cyber-hygiene habits. Also new among the top 25 are ‘666666’, ‘charlie’, and ‘donald’, among others.
|Rank||Password||Change from 2017|
Source: SplashData’s Top 100 Worst Passwords of 2018
SplashData estimates that no fewer than 10 percent of people “have used at least one of the 25 worst passwords on this year’s list”. In addition, almost 3 percent of people are estimated to have used the most common poor password, ‘123456’.
A cursory look at SplashData’s extended list of the 100 most common passwords shows that almost all of them are short numerical strings or keyboard patterns, first names or words that appear in any English dictionary, and sports or pop culture references. This year’s edition of the ranking is based on more than five million passwords leaked by computer users mostly in North America and Western Europe.
It goes without saying that if your password made it among those most common password choices, you would be very well advised to change it. A video and several articles with tips for coming up with far more secure passwords are below.
No matter how stubborn, however, a password is still only a single barrier between your account and a hacker. This is why it’s worth enabling an extra layer of security by adding an extra authentication factor, particularly for accounts that contain Personally Identifiable Information (PII) or other important data.
written by Tomas Foltyn, ESET We Live Security