If you think you’re being clever by basing your password on the site you’re visiting or adding a zero to the end of 123456789, you’re not. A new list of the 25 worst passwords, culled from public dumps of passwords stolen in data breaches, shows that these are some of the least useful passwords you can come up with. The good news is that “password” is no longer the most popular bad password. The bad news is that the new loser is even worse.

The most often-used password found in public password dumps in 2013 was “123456”, about as far as you can get from a complex password. The list, compiled by SplashData, shows that “password”, which had been the most popular bad password for several years, fell to number two, while several variations of consecutive digits were also found in the top 10. The list reads like a primer on how to devise miserable passwords guaranteed to fall to a brute-force attack.

One of the major contributors to the database of publicly available user passwords was the Adobe data breach, which affected nearly three million users. A number of the passwords found in the top 25 list are clearly related to Adobe accounts, including “photoshop” and “adobe123”. The Adobe password list also contains a sad litany of lazy, simple passwords. For example:

  • 123456 
  • 123456789
  • password
  • adobe123
  • 12345678
  • qwerty
  • 1234567
  • 111111
  • photoshop
  • 123123

These passwords violate pretty much every generally accepted piece of advice experts give about constructing strong passwords. No capital letters, no special characters, consecutive digits, etc. In short, these are the passwords that attackers hope for when they are trying to compromise a user’s account. And, unfortunately, it’s often what they get.
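The weaknesses described above (breached-list entries, consecutive digits, site-based words, no capitals or special characters) can be rejected when a password is set. The following is an added example, not code from the article or SplashData; the function name, the reason strings and the `service_words` parameter are assumptions, and the blocklist holds only the ten Adobe passwords quoted above.

```python
import re

# The ten passwords the article quotes from the Adobe dump.
# A real deployment would load a much larger breached-password list.
ADOBE_TOP10 = {
    "123456", "123456789", "password", "adobe123", "12345678",
    "qwerty", "1234567", "111111", "photoshop", "123123",
}


def _is_digit_run(s):
    """True for consecutive ascending or descending digits, wrapping 9 -> 0,
    so '1234567890' (a zero added to 123456789) is caught as well."""
    if len(s) < 3 or not s.isdigit():
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(s, s[1:])}
    return steps in ({1}, {9})


def weakness_reasons(password, service_words=()):
    """Return the reasons a candidate password should be rejected.

    service_words (hypothetical parameter): names of the site or product
    the account belongs to, e.g. ("adobe", "photoshop").
    """
    reasons = []
    lowered = password.lower()
    if lowered in ADOBE_TOP10:
        reasons.append("on known-breached list")
    if _is_digit_run(password):
        reasons.append("consecutive digits")
    # One block repeated to fill the whole string: 111111, 123123, abcabc.
    if re.fullmatch(r"(.+?)\1+", password):
        reasons.append("repeated pattern")
    if any(w.lower() in lowered for w in service_words if w):
        reasons.append("based on site or product name")
    if not re.search(r"[A-Z]", password):
        reasons.append("no capital letters")
    if not re.search(r"[^A-Za-z0-9]", password):
        reasons.append("no special characters")
    return reasons


if __name__ == "__main__":
    for candidate in ("1234567890", "adobe123", "123123", "Adobe2014!"):
        print(candidate, "->", weakness_reasons(candidate, ("adobe", "photoshop")))
```

Note that "Adobe2014!" has a capital letter and a special character yet is still flagged, because it is built on the site name.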


Comment (1)

  1. Mike Max Lewis

    As long as people continue choosing the weakest of passwords and then reusing them everywhere, our passwords and usernames are still going to be a major target for hackers. I use Passwordbox on my computer and phone to manage unique passwords for everything (it auto-syncs!), so even if one of them is cracked in a hack (unlikely given the complexity), it’s not going to affect any other accounts. Only way I’ve found to manage 120+ accounts without going nuts.
