January 27, 2014

The Top 25 Most Commonly-Used Passwords on the Internet

Shh. The password is "PASSWORD"...

SplashData, a leading provider of password management applications, recently published their "Top 25" list of most commonly used password on the internet.  copyrightjoestrazzere

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 1234567890
  14. letmein
  15. photoshop
  16. 1234
  17. monkey
  18. shadow
  19. sunshine
  20. 12345
  21. password1
  22. princess
  23. azerty
  24. trustno1
  25. 000000

SplashData's top 25 list was compiled from files containing millions of stolen passwords posted online during the previous year. The company advises consumers or businesses using any of the passwords on the list to change them immediately.

SplashData suggests making passwords more secure with these tips:
Use passwords of eight characters or more with mixed types of characters. But even passwords with common substitutions like "dr4mat1c" can be vulnerable to attackers' increasingly sophisticated technology, and random combinations like "j%7K&yPx$" can be difficult to remember. One way to create more secure passwords that are easy to recall is to use passphrases -- short words with spaces or other characters separating them. It's best to use random words rather than common phrases. For example, "cakes years birthday" or "smiles_light_skip?" 
Avoid using the same username/password combination for multiple websites.  Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites. Use different passwords for each new website or service you sign up for.

So "iloveyou" isn't a good password? That's a shame. How about "iloveyou2"? Fortunately, nothing I use resembles anything on this list.

My biggest gripe about passwords is that each website has their own rules for password construction, and many of them are far too constrictive. I know of many sites that don't permit certain special characters. I even know of one very prominent financial institution which limits passwords to just 12 characters! In my opinion, that's simply not enough for constructing a strong password/passphrase.

Is it too much to ask for at least 64 characters, and permitting alphanumeric characters and all special characters?

How about you? Are you comfortable with the passwords you use? Any of the passwords in the above list look familiar?

Image courtesy of Salvatore Vuono / FreeDigitalPhotos.net

This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm currently a Director of Quality Assurance.
I like to lead, to test, and occasionally to write about leading and testing.
Find me at http://AllThingsQuality.com/.

No comments:

Post a Comment