{"id":89761,"date":"2018-12-17T19:24:00","date_gmt":"2018-12-18T00:24:00","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-11-28T16:09:41","modified_gmt":"2021-11-28T21:09:41","slug":"the-10-worst-passwords-of-2018","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/the-10-worst-passwords-of-2018\/","title":{"rendered":"The 10 Worst Passwords of 2018"},"content":{"rendered":"<p><a href=\"https:\/\/drchromo.wordpress.com\/2014\/03\/29\/to-ask-or-not-to-ask-what-is-the-question\/\" target=\"_blank\" rel=\"10 2018 passwords the worst noopener of noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignleft\" title=\"The 10 Worst Passwords of 2018\" src=\"https:\/\/drchromo.files.wordpress.com\/2014\/03\/q3.jpg?resize=121%2C79\" alt=\"The 10 Worst Passwords of 2018\" width=\"121\" height=\"79\" \/><\/a>It is the end of 2018 and we have <strong>learned nothing<\/strong> from the massive <a href=\"https:\/\/www.theguardian.com\/technology\/2018\/apr\/08\/facebook-to-contact-the-87-million-users-affected-by-data-breach\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>Facebook<\/strong><\/a> and <strong><a href=\"https:\/\/www.cbsnews.com\/news\/marriott-data-breach-starwood-properties-reservation-database-hack-500-million-guests-data-name-phone-passport-numbers-today-2018-11-30-live-updates\/\" target=\"_blank\" rel=\"noopener noreferrer\">Marriott<\/a><\/strong> <a href=\"https:\/\/www.businessinsider.com\/data-breaches-2018-4\" target=\"_blank\" rel=\"noopener noreferrer\">data<\/a> <a href=\"https:\/\/www.healthcareitnews.com\/projects\/biggest-healthcare-data-breaches-2018-so-far\" target=\"_blank\" rel=\"noopener noreferrer\">leaks<\/a> and <a href=\"https:\/\/www.statista.com\/statistics\/273550\/data-breaches-recorded-in-the-united-states-by-number-of-breaches-and-records-exposed\/\" target=\"_blank\" rel=\"noopener noreferrer\">numerous<\/a> <a 
href=\"https:\/\/www.businessinsider.com\/data-breaches-2018-4\" target=\"_blank\" rel=\"noopener noreferrer\">other hacks<\/a>. California-based password-management company <a href=\"http:\/\/www.splashdata.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>SplashData<\/strong><\/a> released its 2018 list of the <strong>100 worst passwords<\/strong>, based on 5 million passwords leaked on the internet.<\/p>\n<p>Few people have switched things up. People continue to use <strong>the same hacked passwords<\/strong> time and time again.\u00a0Topping the list of <strong>terrible passwords<\/strong> were &#8220;<strong>123456789<\/strong>&#8221; at No. 3, &#8220;<strong>password<\/strong>&#8221; at No. 2, and &#8220;<strong>123456<\/strong>&#8221; at No. 1. 2018 marked the fifth straight year that &#8220;123456&#8221; and &#8220;password&#8221; kept their top two spots on the SplashData list.<\/p>\n<p><a href=\"https:\/\/lenspeaks.blogspot.com\/2015\/08\/the-sunday-memory-drawer-summer-games.html\" target=\"_blank\" rel=\"password noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright\" title=\"Password\" src=\"https:\/\/i0.wp.com\/3.bp.blogspot.com\/-gjMrbW10s7A\/VbprUx5yquI\/AAAAAAAAOyc\/PVdeqdh_s14\/s400\/password.jpg?resize=228%2C114&#038;ssl=1\" alt=\"Password\" width=\"228\" height=\"114\" \/><\/a>1. 123456<br \/>\n2. password<br \/>\n3. 123456789<br \/>\n4. 12345678<br \/>\n5. 12345<br \/>\n6. 111111<br \/>\n7. 1234567<br \/>\n8. sunshine<br \/>\n9. qwerty<br \/>\n10. 
iloveyou<\/p>\n<p>There are only 2 new entries among the 10 worst passwords: the highly insecure &#8220;111111&#8221; at number 6 and &#8220;sunshine&#8221; at number 8.<\/p>\n<p>SplashData estimates 10% of people have used at least one of the 25 worst passwords on this year&#8217;s list, with roughly 3% of internet users relying on the worst password, &#8220;123456.&#8221;<\/p>\n<p>Don&#8217;t congratulate yourself yet if your passwords didn&#8217;t make SplashData&#8217;s top 10 most used and least secure passwords of 2018. Check out the rest of SplashData&#8217;s list of 100 worst passwords. If your password made the 100 worst passwords list this year, <strong>you should change it<\/strong>.<\/p>\n<p><em><strong>rb-<\/strong><\/em><\/p>\n<p><em>Password advice has changed about as quickly as people&#8217;s passwords &#8211; <strong>NOT MUCH<\/strong>, but worth repeating &#8230;<\/em><\/p>\n<ul>\n<li><em><a href=\"https:\/\/web.archive.org\/web\/20210909190836\/http:\/\/www.mythweb.com\/encyc\/entries\/sisyphus.html\" target=\"_blank\" rel=\"noopener noreferrer\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" class=\"alignright wp-image-92074\" src=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2018\/12\/sisyphus.gif?resize=102%2C102&#038;ssl=1\" alt=\"sisyphus\" width=\"102\" height=\"102\" srcset=\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2018\/12\/sisyphus.gif?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2018\/12\/sisyphus.gif?resize=75%2C75&amp;ssl=1 75w\" sizes=\"auto, (max-width: 102px) 100vw, 102px\" \/><\/a>Use <strong>passphrases<\/strong> of twelve characters or more with mixed types of characters.<\/em><\/li>\n<li><em>Use <strong>different passphrases\u00a0for each account<\/strong>.\u00a0If a hacker gets access to one of your passwords, they will not be able to use it on other sites and you only have to change that password instead of 50 of 
them.<\/em><\/li>\n<li><em>Use a <strong>password manager<\/strong> to generate and store your passwords and automatically log into websites.<\/em><\/li>\n<li><em>Set up <strong>two-factor authentication<\/strong>, which adds an extra layer of security, especially when it\u2019s generated on a phone app like <a href=\"https:\/\/en.wikipedia.org\/wiki\/Google_Authenticator\" target=\"_blank\" rel=\"noopener noreferrer\">Google Authenticator<\/a> or on a small hardware device like <a href=\"https:\/\/www.yubico.com\/\" target=\"_blank\" rel=\"noopener noreferrer\"><strong>YubiKey<\/strong><\/a>.<\/em><\/li>\n<\/ul>\n<p><em><a href=\"https:\/\/www.imperva.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Imperva<\/a> <a href=\"https:\/\/www.imperva.com\/learn\/application-security\/brute-force-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">points out<\/a> that <strong>5% of all successful attacks<\/strong> use\u00a0<b>brute force<\/b>\u00a0to guess a user or an administrator password. Brute force attacks do this with repeated login attempts using every possible letter, number, and character combination to guess a password.<\/em><\/p>\n<p><em>Because most individuals have many accounts and many passwords, people tend to repeatedly use a few simple passwords. This leaves them exposed to brute force attacks. <strong>Email accounts<\/strong> protected by <strong>weak passwords<\/strong> are particularly valuable to hackers. They may be connected to additional accounts, and can also be used to restore passwords.<\/em><\/p>\n<p><em>Attackers use specialized hardware to efficiently guess user passwords. 
<strong>Cryptocurrency mining rigs<\/strong> with graphics processing units (<strong>GPUs<\/strong>) and application-specific integrated circuits (<strong>ASICs<\/strong>) can be very effective at quick, repetitive tasks like password guessing.<\/em><\/p>\n<p><em>Imperva recommends a number of steps that an administrator can take to protect users from brute force password cracking:<\/em><\/p>\n<ul>\n<li><em><strong>Lockout policy<\/strong>\u2014you can lock accounts after several failed login attempts and then unlock them as the administrator.<\/em><\/li>\n<li><em><strong>Progressive delays<\/strong>\u2014you can lock out accounts for a limited amount of time after failed login attempts. Each attempt makes the delay longer.<\/em><\/li>\n<li><em><strong>Captcha<\/strong>\u2014tools like reCAPTCHA require users to complete simple tasks to log into a system. Users can easily complete these tasks while brute force tools cannot.<\/em><\/li>\n<li><em><strong>Requiring strong passwords<\/strong>\u2014you can force users to define long and complex passwords.<\/em><\/li>\n<li><em><strong>Two-factor authentication<\/strong>\u2014you can use multiple factors to authenticate identity and grant access to accounts.<\/em><\/li>\n<\/ul>\n<h6>Related articles<\/h6>\n<ul>\n<li><a href=\"https:\/\/wp.me\/p2wgaW-lBE\" target=\"_blank\" rel=\"noopener\">300 Billion Passwords<\/a> (<a href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a>)<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><em><a title=\"Ralph Bach\" href=\"https:\/\/rbach.net\/index.php\/new-resume\/\" target=\"_blank\" rel=\"noopener noreferrer\">Ralph Bach<\/a>\u00a0has been in IT long enough to know better and has blogged from his\u00a0<a title=\"Bach Seat\" href=\"https:\/\/rbach.net\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bach Seat<\/a> about IT, careers, and anything else that catches his attention since 2005. 
You can follow him on <a class=\"broken_link\" href=\"http:\/\/www.linkedin.com\/in\/rb48334\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">LinkedIn<\/a>,\u00a0<a href=\"https:\/\/www.facebook.com\/ralph.bach.14\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>,\u00a0and\u00a0<a href=\"https:\/\/twitter.com\/rbach48334\" target=\"_blank\" rel=\"noopener noreferrer\">Twitter<\/a>. Email the Bach Seat\u00a0<a href=\"mailto:\/\/bach.seat@gmail.com\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>People continue to use the same hacked passwords time and again. The worst passwords of 2018 are password &#038; 123456, says SplashData.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[3046,2682,3149,2541,4,2351,3150],"class_list":["post-89761","post","type-post","status-publish","format-standard","hentry","category-security","tag-3046","tag-2fa","tag-bad","tag-passwords","tag-security","tag-splashdata","tag-yubikey"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/89761","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/comments?post=89761"}],"version-history":[{"count":7,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/89761\/revisions"}],"predecessor-version":[{"id":131836,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/posts\/89761\/revisions\/131836"}],"wp:attachment":[{"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/media?par
ent=89761"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/categories?post=89761"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rbach.net\/index.php\/wp-json\/wp\/v2\/tags?post=89761"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}