Rachel King at ZDNet’s Zero Day writes that the recent data breaches at LinkedIn, Last.fm and eHarmony have put passwords back in the spotlight. Unfortunately, many people still rely on “password” to secure their digital identity. Antivirus software provider ESET noted some recent work by IT security consultant Mark Burnett, who has compiled a list of the “top 500 worst (aka most common) passwords” based on a variety of methods he has detailed on his blog. The entire list is available here (ZIP).
25 Worst passwords
The 25 worst passwords of 2012 compared to 2011.
| 2012 | 2011 |
|---|---|
| password | password |
| 123456 | 123456 |
| 12345678 | 12345678 |
| 1234 | qwerty |
| qwerty | abc123 |
| 12345 | monkey |
| dragon | 1234567 |
| pussy | letmein |
| baseball | trustno1 |
| football | dragon |
| letmein | baseball |
| monkey | 111111 |
| 696969 | iloveyou |
| abc123 | master |
| mustang | sunshine |
| michael | ashley |
| shadow | bailey |
| master | passw0rd |
| jennifer | shadow |
| 111111 | 123123 |
| 2000 | 654321 |
| jordan | superman |
| superman | qazwsx |
| harley | michael |
| 1234567 | football |
2012 data from xato.net and 2011 data from SplashData.com
rb-
Approximately two-thirds of the worst passwords stayed the same between 2011 and 2012. Are your users’ passwords on this list? If so, it’s safe to say you should consider a password change policy to force them into using a stronger password.
I have written about passwords since at least 2010 – here, here and here. When will they listen?
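One way to answer "are your users' passwords on this list?" at password-set time, as an added example (not code from this post or from the lists' authors): it rejects a candidate that is on the combined 2011/2012 table or that reduces to an entry after case folding, common character swaps, or stripping a trailing number or symbol. The function names and the substitution table are assumptions made for illustration.

```python
import string
import unicodedata

# Union of the 2012 and 2011 columns in the table above. A real deployment
# would load a much longer list (such as the top-500 file) from disk.
WORST_PASSWORDS = frozenset("""
password 123456 12345678 1234 qwerty 12345 dragon pussy baseball football
letmein monkey 696969 abc123 mustang michael shadow master jennifer 111111
2000 jordan superman harley 1234567 trustno1 iloveyou sunshine ashley bailey
passw0rd 123123 654321 qazwsx
""".split())

# Assumed table of common "leetspeak" swaps: 0->o 1->i 3->e 4->a 5->s 7->t @->a $->s
_DELEET = str.maketrans("013457@$", "oieastas")


def _variants(candidate):
    """Yield the normalized forms of a candidate that should be compared."""
    base = unicodedata.normalize("NFKC", candidate).strip().casefold()
    no_punct = base.rstrip(string.punctuation)            # "1234567!" -> "1234567"
    no_suffix = no_punct.rstrip(string.digits + string.punctuation)  # "dragon2012" -> "dragon"
    for form in (base, no_punct, no_suffix):
        if form:
            yield form
            yield form.translate(_DELEET)


def blocklist_match(candidate):
    """Return the listed password the candidate reduces to, or None."""
    for form in _variants(candidate):
        if form in WORST_PASSWORDS:
            return form
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not real credentials.
    samples = ["Password", "P@ssw0rd!", "Dragon2012", "1234567!",
               "correct horse battery staple"]
    for pw in samples:
        hit = blocklist_match(pw)
        verdict = f"REJECT (reduces to {hit!r})" if hit else "not on list"
        print(f"{pw!r}: {verdict}")
```

A pass here only means the candidate is not a trivial variation of a listed password; it says nothing about its strength otherwise.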

Thanks for the great info