SplashData's fifth annual "Worst Passwords List" shows people continue putting themselves at risk
While longer passwords debut on this year's list of most commonly used passwords, they are not necessarily more secure
LOS GATOS, CA - SplashData has announced the 2015 edition of its annual "Worst Passwords List" highlighting the insecure password habits of Internet users. "123456" and "password" once again reign supreme as the most commonly used passwords, as they have since SplashData's first list in 2011, demonstrating how people's choices for passwords remain consistently risky.
In SplashData's fifth annual report, compiled from more than 2 million leaked passwords during the year, some new and longer passwords made their debut - perhaps showing an effort by both websites and web users to be more secure. However, the longer passwords are so simple as to make their extra length virtually worthless as a security measure.
For example, "1234567890", "1qaz2wsx" (first two columns of main keys on a standard keyboard), and "qwertyuiop" (top row of keys on a standard keyboard) all appear in the top 25 list for the first time, but they are each based on simple patterns that would be easily guessable by hackers.
As in past years' lists, simple numerical passwords remain common, with six of the top 10 passwords on the 2015 list comprised of numbers only.
Sports remain a popular password theme. While baseball may be America's pastime, "football" has overtaken it as a popular password. Both appear in the Top 10 of SplashData's list, with "football" climbing three spots to number seven and "baseball" dropping two spots to number 10.
When it comes to movies and pop culture, The Force may be able to protect the Jedi, but it won't secure users who choose popular Star Wars terms such as "starwars," "solo," and "princess" as their passwords. All three terms are new entries on this year's list.
Click here to download our eBook Worst Passwords: What We Have Learned From Five Years of Studying the Internet's Most Commonly Used Passwords
Other passwords appearing on the 2015 list that did not appear on the 2014 list include "welcome", "login" and "passw0rd."
SplashData, provider of password management applications including SplashID for consumers and TeamsID for businesses, releases its annual list in an effort to encourage the adoption of stronger passwords to improve Internet security. According to SplashData, the passwords evaluated for the 2015 list were mostly held by users in North America and Western Europe. The "Worst Passwords List" shows that many people continue to put themselves at risk for hacking and identity theft by using weak, easily guessable passwords.
"We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers," said Morgan Slain, CEO of SplashData. "As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites."
Presenting SplashData's "Worst Passwords of 2015":
|Rank||Password||Change from 2014|
Here are three simple tips to help you protect your team:
- Use passwords or passphrases of twelve characters or more with mixed types of characters
- Avoid using the same password over and over again on different websites
- Use a password manager to organize and protect passwords, generate random passwords, and automatically log into websites
Get started today with our 14-day free trial!