Splashdata has released its annual “worst passwords” list, where it evaluated 5 million leaked passwords to arrive at the ones most commonly used.
It may come as no surprise that—despite the barrage of media reports highlighting the importance of a strong password—the most commonly used passwords for 2018 were also the easiest for hackers to crack.
Arriving at number one, again, was “123456”. “password” came in at number two, followed by “123456789”.
Of note, “sunshine” landed at number eight with “qwerty” close behind; “iloveyou” rounded out the top ten. “Donald” also made the list this year at number 23, perhaps in reference to President Trump.
The list (you can see the full top 50 here) remains mostly unchanged from previous years, telling us that:
1. People are still using passwords that hackers can crack in microseconds
2. People aren’t updating their old passwords
In most cases, when you open up a new account it won’t allow you to use a simple password like “123456”. Often, it must be at least eight characters and include both upper case, lower case, as well as symbols.
People are, then, likely still using the same old password they created 15 years ago when password security wasn’t as strict.
By now, if you don’t know that “123456” or “football” are not secure passwords then you likely never will.
Whatever the reason for not updating them, if people aren’t willing to do it themselves, corporations should force the issue. They should make users update their passwords (some companies do this already) and ban terrible passwords altogether. For instance, take the top 100 worst passwords from Splashdata’s list and make them universally unusable. If people are already using said password, force them to log out and change it.
At least this would ensure people take the time to better secure their accounts.
Slowly but surely, password managers are becoming more common—and word is getting out about just how easy it is for hackers to crack what may seem like a ‘secure’ password. But clearly more needs to be done and most people aren’t taking notice.
Will 2019’s list differ drastically from 2018? Sadly, probably not. A strong password is one of your best defenses against hackers; with data breaches and identity theft at an all-time high, not taking it seriously is making a hacker’s job all-too-easy.