With all of the data breaches and online security scares in the last year or two, you’d think people would be more careful in choosing decent passwords.
Unfortunately, you’d be wrong. On Tuesday, SplashData released its list of the 25 most common passwords among Internet users, dubbing these as the “Worst Passwords” of 2014. And if you look at number one, you can see why there won’t be any points awarded for creativity here:
To build this year’s list, SplashData tapped Mark Burnett, an online security expert and the author of a book called “Perfect Passwords.” While this is the first year SplashData has worked with Burnett, this is the fourth year SplashData has put together this list, so there’s a little bit of continuity here.
Like last year, the top password of 2014 was “123456.” The second-most common password in 2014 was the very original “password,” and there were a number of other repeat offenders, like “12345678” and “1234.”
However, there were also a few new entries in there as well, like “baseball,” “dragon,” and “football.” The name “michael” and superheros “superman” and “batman” also enjoyed newfound popularity, landing on this list somewhere towards the bottom.
“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” said Burnett in a statement.
“The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2 [per cent] of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”
In creating new passwords, the trick is to avoid anything that’s easily guessable, or that only includes numbers. Sequences are also a poor choice (for example, the first row of letters and numbers on your keyboard), even if they’re easy to remember. Other things to avoid are favourite sports, birthdays, birth years, and people’s names. Common names that made the top 50 worst passwords included “jennifer,” “thomas,” “jordan,” and of course, “michael.”
By comparison, stronger passwords might include eight characters or more, with a mix of letters, numbers, and symbols. SplashData also recommends avoiding using the same passwords for multiple sites, or to use a password manager service.