The 25 Most Common Passwords on the Internet Are…

The single most popular password is “password.”

The 18th most popular is “passw0rd.”

Notice the zero? So do hackers. SplashData has compiled a list of the most used passwords from files containing millions of stolen passwords posted by hackers online.

Why are stolen passwords online? Cyber Monday shoppers, take note: credentials are compromised in a two-step process. First, some bit of malware installed on your computer logs each keystroke as you type it and transmits it to the hacker’s far-off server. Second, those passwords, along with usernames, are sold in groups of thousands to criminals who use them to break into your account. It could be your email, your work network, PayPal, or even your bank.

At companies, a rigid password policy is the responsibility of the network admin, but if you discover that you can use “password,” or something just as obvious, and think you’re cheating the system, you’d be wrong. Password cracking is a highly lucrative enterprise; once your password is compromised, your only line of defense is that it’s just one of so many in the hands of criminals. It’s a grain of sand on a beach.

How to Remember a Complex Password

The reason we use a simple password is obvious: It’s easy to remember. In the example of “password,” the reminder is often to the left of the entry box. But a complex password doesn’t have to be difficult to remember. You’ll also want a combination of capital letters, words not found in the dictionary, and numbers. The best way to do this is to come up with a sentence that includes all of these. Sentences are short narratives that people can remember much more easily than random letters. For example:

“I love my 15 year-old cat, Marpie.”

Include the quotes and the spaces. This password far exceeds the recommended minimum standards for password complexity, yet you’re likely to remember it even when you close this story.

Here are the top 25 passwords used in 2011. Do you see yours?

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football
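
An added example, not part of the original article: a password-policy check that rejects the 25 passwords above along with simple variations of them, such as the zero in “passw0rd” or a year tacked on the end. The look-alike map, the trailing-character set and the function names are assumptions made for illustration.

```python
# The 25 passwords listed in the article (2011 list).
COMMON_2011 = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey",
    "1234567", "letmein", "trustno1", "dragon", "baseball", "111111",
    "iloveyou", "master", "sunshine", "ashley", "bailey", "passw0rd",
    "shadow", "123123", "654321", "superman", "qazwsx", "michael",
    "football",
}

# Assumed (constructed) look-alike substitutions: 0->o, 1->l, 3->e, 4->a,
# 5->s, 7->t, @->a, $->s, !->i. Not an exhaustive list.
LOOKALIKES = str.maketrans("013457@$!", "oleastasi")

# Assumed set of characters people append to satisfy "add a number/symbol".
TRAILING = "0123456789!?.@#$*"


def fold(text):
    """Lower-case the text and undo look-alike substitutions."""
    return text.lower().translate(LOOKALIKES)


# Store both the raw entries and their folded forms, so that "passw0rd"
# and "P@ssw0rd" both collapse onto the same denylist entry.
DENYLIST = COMMON_2011 | {fold(p) for p in COMMON_2011}


def candidate_forms(password):
    """Return the simplified forms of a password to test against the list."""
    lowered = password.lower()
    stripped = lowered.rstrip(TRAILING)  # "Monkey2011!" -> "monkey"
    forms = {lowered, stripped, fold(lowered), fold(stripped)}
    forms.discard("")  # an all-digit password strips down to nothing
    return forms


def is_common(password):
    """True if the password is a listed one or a simple variation of it."""
    return not DENYLIST.isdisjoint(candidate_forms(password))


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["passw0rd", "P@ssw0rd", "Monkey2011!", "Tru5tN01",
                   '"I love my 15 year-old cat, Marpie."']:
        print(f"{sample!r}: {'reject' if is_common(sample) else 'accept'}")
```
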

Comments

  1. BY Mike says:

    I know a company that recently implemented “password complexity”.

    Rule number 1. the pwrd will be a fixed length; 8 characters.
    Rule number 2. the pwrd will begin with a number
    Rule number 3. the next 7 will be letters, not case sensitive, few, if any, special characters allowed

  2. BY Jeremy F. says:

    Personally I prefer question/answer challenges, but not easy ones like “what is your birthday?” or “what is your mother’s first name?”. If I have a choice I go with things like “what is the color of your first car?” or “what was your GPA in junior high for math class?”. Mainly questions that are not going to be easy to obtain the answers and certainly not ones you have talked about the answers to anyone online. Phrases are some of the best though given they are very difficult to replicate and brute force. The problem I have seen though is many online sites still do not accept sufficient length passwords and only hash the passwords then do a basic does hash X equal hash Y comparison. Realistically we need to be using more advanced encryption schemes to protect information and encode it on a zero-knowledge policy, if feasible. If not, then at minimum use encryption that encodes data with public/private cryptography.
