Passwords You Should Avoid Using…

You tell your employees all the time about good password policies. You may be able to rattle off in your sleep “unique, long strings of varied characters with multiple numbers, capitals, and special characters.” But just how many people are heeding the call for better security? Has the public started taking cybersecurity seriously?

Well, not really—common passwords and password habits are still pretty bad. But there’s still hope. Much like a glacier, there has been some small, measurable movement in the right direction.

Recently, a password-management application provider, has released a list of the worst passwords in use.  Putting the spotlight on the poor password habits of Internet users. Unbelievably, the most terrible—and most common—passwords remain the same: “123456” and “password.”

Despite all of the warnings and notifications that have attempted to permeate the public consciousness, people are still using these risky and unsafe options, leading to the conclusion that they either don’t know or don’t care about the great risk such weak passwords pose to their data.

If you use any of the following passwords, PLEASE—go change them now!

25. starwars
24. passw0rd
23. solo
22. qwertyuiop
21. princess
20. login
19. letmein
18. monkey
17. master
16. dragon
15. 1qaz2wsx
14. 111111
13. abc123
12. 1234567890
11. welcome
10. baseball
9. 1234567
8. 1234
7. football
6. 123456789
5. 12345
4. qwerty
3. 12345678
2. password
1. 123456

This list was compiled from over two million leaked passwords over the course of 2015, and some interesting trends have emerged.

First, it appears that users have begun to create longer passwords, perhaps a result of new site requirements that specify as much. In doing so, however, users have managed to render these longer passwords just as useless as shorter ones with perfectly predictable patterns, often dictated by a simple swipe of a finger over the keyboard in one direction.

Next, it’s obvious that sports are still top-of-mind among bad-password creators. “football” and “baseball” are top-ten offenders, but how they are ranked tells an even more interesting story. For the first time, “baseball” has dropped in this lists’ rankings while “football” has risen, of course we are at the height of football season.

Filling out the rest of this list of poor passwords are flights of the fantastic--perhaps the antithesis of a sound cybersecurity strategy but perhaps a good indicator of what’s on the mind of those hitting the Internet. Star Wars permeated pop culture once again in 2015, and words like “solo”, “princess”, and “starwars” all made the list. The Force isn’t with these poor passwords, though. There’s also “dragon”—because who doesn’t think dragons are cool—coming in at number 16.

These types of short, searchable, identifiable and specific words are some of the all-time worst for password management, and often used across multiple sites, exponentially putting the user at risk like dominoes falling in a line. Hackers use algorithms to plug in these words as easily as turning a key—all they need is the opportunity.

The industry has seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers. As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”

Here are three tips for better password security:

  • Use passwords or passphrases of twelve characters or more with mixed types of characters
  • Avoid using the same password over and over again on different websites
  • Use a password manager to organize and protect passwords, generate random passwords and automatically log into websites


Need advice on new IT projects? Want tips for speeding up and securing your network? Call us at (484) 753-7200 for IT advice.