‘Worst passwords’ don’t fool hackers
The list of this year’s 25 “worst” passwords says a lot about us.
“Starwars” (No. 16) reflects a resurgent force in popular culture.
“Whatever” (No. 23) and “letmein” (No. 7) seem to speak to an exasperation with online security itself.
And “password” (No. 2) speaks to our collective lack of creativity.
They are among the 11 new entrants to the annual “worst passwords” list, compiled by SplashData, a company that creates applications for password management and security. The popularity and simplicity of those passwords pose risks for those who use them, the company said.
“Hackers know your tricks, and merely tweaking an easily guessable password does not make it secure,” Morgan Slain, SplashData’s chief executive, said in a news release. “Our hope is that our Worst Passwords of the Year list will cause people to take steps to protect themselves online.”
The analysis was based on more than 5 million leaked passwords, most of them used by people in North America and Western Europe.
New entrants to the list this
year included “iloveyou,” “monkey,” “hello,” “freedom,” “qazwsx” and “trustno1.”
Some, but not all, websites and services impose stringent requirements to prevent users from selecting passwords that are insecure.
Strong, effective passwords should be relatively long and unique, experts say. They can be meaningless strings of characters, numbers and punctuation or, as has become popular in recent years, full sentences that are easy to remember but hard to guess.
Password managers can also be used to help keep track of passwords for different websites and services.
While the SplashData list differs from those compiled by others, it reflects a theme common to such analyses: People often use strings of sequential numbers as their passwords.
As in 2016, “123456” led the SplashData list. The slightly more complex “12345678” ranked third and “12345” ranked fifth, followed by “123456789” in sixth place and “1234567” in eighth.
The company estimated that nearly 3 percent of people have used the worst password on the list and almost 10 percent have used one of the worst 25.