In another reminder that users are always the biggest security weakness, “123456” and “password” have once again been named the most commonly used bad passwords.
In SplashData’s fifth annual “Worst Passwords List,” the company has compiled the most common weak, easily guessable passwords that leave users vulnerable to hacking and identity theft.
Pulling from more than 2 million leaked passwords revealed during the year, the list highlights just how vulnerable users are.
Some new and longer passwords made the top 25, reflecting some effort by websites, system administrators and perhaps users themselves to try to force better security practices by requiring more characters. Unfortunately, these longer passwords are so simple that the extra characters mean little, particularly given how few passwords utilize both letters and numbers.
Some new bad passwords may seem a bit more complex, for example, “1234567890,” “1qaz2wsx” (first two columns of main keys on a standard keyboard), and “qwertyuiop” (top row of keys on a standard keyboard), but are easily guessable—and clearly not quite as innovative as these users may have thought. It seems the excitement over Star Wars also had an impact: with common passwords “starwars,” “solo” and “princess,” the force of bad information security awakens.
Check out the infographic below for the top 25 worst passwords and some of SplashData’s top tips to build ones that stay off the list.