Rachel King at ZDNet’s Zero Day writes that the recent data breaches at LinkedIn, Last.fm, and eHarmony have put passwords back in the spotlight. Unfortunately, many people still rely on “password” to secure their digital identity. Antivirus software provider ESET noted some recent work by IT security consultant Mark Burnett, who has compiled a list of the “top 500 worst (aka most common) passwords” based on a variety of methods he has detailed on his blog. The entire list is available here (ZIP).
25 Worst passwords

| 2012 | 2011 |
|---|---|
| password | password |
| 123456 | 123456 |
| 12345678 | 12345678 |
| 1234 | qwerty |
| qwerty | abc123 |
| 12345 | monkey |
| dragon | 1234567 |
| pussy | letmein |
| baseball | trustno1 |
| football | dragon |
| letmein | baseball |
| monkey | 111111 |
| 696969 | iloveyou |
| abc123 | master |
| mustang | sunshine |
| michael | ashley |
| shadow | bailey |
| master | passw0rd |
| jennifer | shadow |
| 111111 | 123123 |
| 2000 | 654321 |
| jordan | superman |
| superman | qazwsx |
| harley | michael |
| 1234567 | football |
rb-
Approximately two-thirds of the worst passwords stayed the same between 2011 and 2012. Are your users’ passwords on this list? If so, it’s safe to say you should consider a password policy that forces them to change to a stronger password.
I have written about passwords since at least 2010 – here, here, and here. When will they listen?
Related articles
- Hackers collect significant account details from Blizzard servers (arstechnica.com)
- Passwording: checklists versus heuristics (blogs.securiteam.com)
Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.