2015’s Worst Passwords

Followers of Bach Seat know that passwords suck. For even more proof that passwords suck, the password-management company SplashData released its fifth annual list of the most popular passwords.

SplashData studied more than 2 million passwords that were leaked in 2015, and identified the most commonly leaked passwords and those that were least secure from Western European and North American users according to Business Insider.

Most of the results are not surprising.

  • 123456 is the most common password. It has been #1 since 2013.
  • Password is the second most common password. It too has been #2 since 2013. Password was the most common password in 2012 an 2011.
  • 12345678 is the third most common password found in the Splash data results. In fact 12345678 has been the most consistent performer, having been in the #3 place four of the past five years.

One surprise was that the Disney marketing machine was able to get Star Wars related terms into the top 25 worst passwords in 2015.

  1. princess
  2. solo
  3. starwars

Here’s SplashData’s full list. If your password is on here, think about changing it.

25 Worst passwords

 20152014201320122011
1123456123456
123456
password
password
2passwordpasswordpassword123456
123456
3123456781234512345678
12345678
12345678
4qwerty12345678
qwerty
1234
qwerty
512345qwertyabc123qwertyabc123
612345678912345678912345678912345
monkey
7football1234
111111dragon
1234567
81234baseball
1234567pussy
letmein
91234567dragoniloveyou
baseball
trustno1
10baseballfootballadobe123
football
dragon
11welcome1234567123123
letmein
baseball
121234567890 monkey
admin
monkey
111111
13abc123letmein
1234567890
696969
iloveyou
14111111abc123
letmeinabc123
master
151qaz2wsx111111photoshopmustang
sunshine
16dragonmustang1234michaelashley
17masteraccessmonkey
shadow
bailey
18monkeyshadow
shadowmasterpassw0rd
19letmeinmastersunshinejennifer
shadow
20loginmichael
12345
111111
123123
21princesssupermanpassword1
2000
654321
22qwertyuiop696969princessjordansuperman
23solo123123azertysupermanqazwsx
24passw0rdbatmantrustno1harleymichael
25starwarstrustno10000001234567football

PasswordTo keep your passwords secure, you definitely shouldn’t use any of the passwords on the list.

SplashData offers three simple tips to help people protect themselves:

  1. Use passwords or passphrases of twelve characters or more with mixed types of characters;
  2. Avoid using the same password over and over on different websites
  3. Use a password manager such as SplashID to organize and protect passwords, generate random passwords, and automatically log into websites.

rb-

What to do if you are responsible for securing systems where your users use these passwords? Stop Them !

This is what makes passwords suck – Implement complexity rules:

  • Minimum of 8 characters
  • Mix of characters, UPPER CASE, lower case, numbers and special characters.
  • Prevent reusing passwords
  • Black list all the above passwords so then can never be used again.

Ralph Bach has blogged from his Bach Seat about IT, careers and anything else that catches his attention since 2005. You can follow me at Facebook and Twitter. Email the Bach Seat here.

 

Comments are closed.