Weak Passwords: “123456” and “password” are the most commonly used worst passwords

Passwords are the gateway standing between you and a potential hacker, yet many people disregard their importance in cybersecurity. “The Psychology of Passwords: Neglect Is Helping Hackers Win,” a new report from password management firm LastPass, highlights how users are still using utterly silly and crackable passwords. And bad habits don’t stop there. The report also found that 59 percent of respondents use the same password across multiple accounts. Despite the rising costs of data breach recovery and ongoing, large-scale compromises, LastPass found that “password behaviors remain largely unchanged from two years ago.”

The report highlights how weak passwords have caused a surge in hacks and data breaches, which has raised concerns about security online. Internet users have been advised time and again to use strong passwords containing a combination of letters, numbers, and symbols to better secure their accounts. However, it appears that all these warnings are falling on deaf ears.

According to an annual report from SplashData, “123456” and “password” came out on top as people’s choice of phrases to protect their accounts from hackers. SplashData prepares a list of the top 100 passwords by aggregating the millions of passwords leaked in data breaches during the past year. The report also reveals that people use sports and film titles as their passwords, as they are easy to remember.

Apparently, more than five million passwords were leaked by hackers in 2017. The list below contains the top 25 passwords and how they have fared compared to last year. There are also some new entries that did not appear in last year’s list.

  1. 123456 (Unchanged)
  2. Password (Unchanged)
  3. 12345678 (+1)
  4. qwerty (+2)
  5. 12345 (-2)
  6. 123456789 (New)
  7. letmein (New)
  8. 1234567 (Unchanged)
  9. football (-4)
  10. iloveyou (New)
  11. admin (+4)
  12. welcome (Unchanged)
  13. monkey (New)
  14. login (-3)
  15. abc123 (-1)
  16. starwars (New)
  17. 123123 (New)
  18. dragon (+1)
  19. passw0rd (-1)
  20. master (+1)
  21. hello (New)
  22. freedom (New)
  23. whatever (New)
  24. qazwsx (New)
  25. trustno1 (New)

Users seem to draw on everyday phrases for their passwords: the movie Star Wars: The Last Jedi seems to have influenced many people’s choice of passwords, such as ‘starwars.’ “Unfortunately, while the newest episode may be a fantastic addition to the Star Wars franchise, ‘starwars’ is a dangerous password to use,” SplashData CEO Morgan Slain said in a press release. “Hackers are using common terms from pop culture and sports to break into accounts online because they know many people are using those easy-to-remember words.”

If you are using any of the passwords shown in the above list, we suggest you update your password to something harder to crack. It is always good to use a combination of lower case and upper case letters interspersed with numbers and symbols.
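A signup or password-change check built from the list above, as an added example that is not from LastPass, SplashData or the original article: it flags the 25 listed passwords, variants that differ only by case, look-alike characters or a trailing number or symbol, and the sequence and repetition patterns the list shows. The substitution table, the run strings and the function names are assumptions made for illustration.

```python
import re

# The 25 entries from the list above, lower-cased.
TOP_25 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
}

# Assumption (not from the article): look-alike characters people swap in,
# e.g. "P@ssw0rd" for "password". Folding them makes both compare equal.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")

# Assumption: keyboard rows/columns and counting runs to test against.
RUNS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm", "qazwsxedc",
        "abcdefghijklmnopqrstuvwxyz")


def canon(pw):
    """Lower-case a password and undo look-alike substitutions."""
    return pw.lower().translate(LOOKALIKES)


CANON_TOP_25 = {canon(p) for p in TOP_25}


def check_password(pw):
    """Return reasons to reject pw; an empty list means no check fired."""
    reasons = []
    low = pw.lower()
    # Also test the word with trailing digits/symbols removed ("football1!").
    base = re.sub(r"[\W\d_]+$", "", low)
    if any(f and canon(f) in CANON_TOP_25 for f in (low, base)):
        reasons.append("matches a top-25 password after normalisation")
    # A slice of a keyboard or counting run, forwards or reversed.
    if len(low) >= 4 and any(low in r or low in r[::-1] for r in RUNS):
        reasons.append("keyboard or counting sequence")
    # One short block repeated, such as 123123 or abcabc.
    if re.fullmatch(r"(.{1,4})\1+", low):
        reasons.append("repeated block")
    return reasons


# Constructed sample inputs, not taken from any breach data.
for sample in ("Passw0rd", "Starwars2017!", "87654321", "abcabc",
               "correct horse battery staple"):
    print(f"{sample!r}: {check_password(sample) or 'no check fired'}")
```

An empty result only means none of these three checks fired; it is not a measure of password strength.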

You can protect yourself by using good-quality password management software. Browsers like Safari also offer built-in password generation, and so do apps such as SplashID and LastPass. You should also enable two-factor authentication wherever possible, especially on your Gmail account, because it is the kitchen sink for all your details.




