In a year with several high profile password hacking incidents at major sites including Yahoo, LinkedIn, eHarmony, and Last.fm, SplashData's list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords.
The top three passwords, "password," "123456," and "12345678," remain unchanged from last year's list.
New entries to this year's list include "welcome, " "jesus," "ninja," "mustang, " and "password1."
"At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password,” said Morgan Slain, SplashData CEO. “We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites."
Presenting SplashData’s “Worst Passwords of 2012”, including their current ranking and any changes from the 2011 list:
1. password (Unchanged)
2, 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)
SplashData’s top 25 list was compiled from files containing millions of stolen passwords posted online by hackers. The company advises consumers or businesses using any of the passwords on the list to change them immediately.
“Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets,” Slain said. “Just a little bit more effort in choosing better passwords will go a long way toward making you safer online.”
You can make passwords more secure with these tips:
- Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”
- Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.
- Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.