The worst passwords of 2014

This post will either make you blush or boast.

Ready for it?

You’ll blush if you find your password in SplashData’s enumeration of last year’s worst passwords.

You’ll boast if your password isn’t in the list and then you’ll tease the people who blushed for being dolts.

Listen.

Using a strong password is a big freggin’ deal.  Just look in the media.

But I didn’t leave you hanging for the vultures.  I demonstrated how to make sure your email account wasn’t hacked and how to make sure your password is both strong and memorable and how to keep your passwords safe.

Hopefully that helped.

I think it was Albert Einstein who said:

Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.

Before you look at the worst password of 2014 I want you to do a little test with me.

I bet you can guess the worst password without even reading another word.  It’s that obvious.  It’s that bad.  And it’s that embarrassing.

The worst password of 2014

I’ve given you the armaments of war to do battle against the bad guys.  But when I saw the latest report from SplashData news I almost couldn’t contain myself.

SplashData combed over 3.3 million passwords indigenous to North America and Western Europe and this is what it scooped up from the septic tank of bad passwords:

The worst password of 2011 was:

123456

The worst password of 2012 was…

wait for it…

123456

And the worst password for 2013?

Any takers?

123456

What about 2014?

123456

Let’s think about this:

This stupid password takes absolutely zero thought to create.  Just drag your scaly index finger across the number row of your keyboard and click submit.

But this is the thing: I don’t completely blame users for using such silly passwords.  I blame the web applications for not enforcing stronger complexity.  The web applications and services we use ought to protect us from ourselves.  It’s the same logic behind why stoves are higher than the reach of a child and why Ctrl + Alt + Del is placed where it is on the keyboard (to prevent accidental reboots).

If I try to change my password to 123456 I should get a length error and a recommendation for fortifying my password.
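Here is a sketch of the server-side check a web application could run when a password is changed, returning the length error and the recommendation described above. It is an added example, not code from any product named in this post; the 12-character minimum, the short denylist and the function names are assumptions chosen for illustration.

```python
import unicodedata

# Constructed sample denylist: the two passwords named in this post plus a few
# obvious relatives. A real deployment would load a far larger list.
COMMON_PASSWORDS = {"123456", "password", "12345678", "123456789", "qwerty"}
MIN_LENGTH = 12  # assumed policy value, not taken from the post

# Keyboard rows a finger can be dragged across.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_keyboard_run(candidate):
    """True if the whole password is one forward or backward slice of a row."""
    lowered = candidate.lower()
    return len(lowered) >= 4 and any(
        lowered in row or lowered in row[::-1] for row in KEYBOARD_ROWS
    )


def check_password(candidate):
    """Return a list of problems; an empty list means the password is accepted."""
    # Normalize so visually identical Unicode input is judged the same way.
    candidate = unicodedata.normalize("NFKC", candidate)
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("Too short: use at least %d characters." % MIN_LENGTH)
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("This is one of the most commonly used passwords.")
    if is_keyboard_run(candidate):
        problems.append("This is a straight run of keys on the keyboard.")
    if candidate and len(set(candidate)) <= 2:
        problems.append("Too few distinct characters.")
    if problems:
        # The recommendation shown alongside the errors.
        problems.append(
            "Try a long random password from a generator, kept in a password vault."
        )
    return problems


if __name__ == "__main__":
    for attempt in ("123456", "password", "correct horse battery staple"):
        print(repr(attempt), "->", check_password(attempt) or "accepted")
```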

Here are a few ways to make sure you’re using a strong password:

Beefing up passwords

You can generate a random password using an operating system like Linux but there are simpler ways online.

Check out the Secure Password Generator from Symantec’s PC Tools or LastPass.  Both are good ways to introduce complexity.

Your second option is to use smart applications like Microsoft’s Telepathwords or Strong Passwords Need Entropy by Ed Dantes.

Microsoft Telepathwords

After generating your password use a password vault such as LastPass or Dashlane to guard your treasures.  I’ve been using LastPass for months now and I’m not aware of any issues.

Incidentally, the password called “password” is also a perennial favorite among people who don’t care about having their identities stolen or reputations ruined.  Why would you change your password to the word “password”?

No one will ever guess that! Security through obscurity doesn’t work.

The Bottom Line

As long as software companies allow users to use insecure passwords, users will use insecure passwords.  It doesn’t matter that the password 123456 and “password” are equivalent to using no password at all.  If strong passwords aren’t enforced, people will use bad judgement.

I’ll bet you can’t guess what the worst password will be for 2015…

Connect with Vonnie on Twitter