Terms of Use For FixedByVonnie

By proceeding to access fixedByVonnie.com, you expressly acknowledge, and agree to, all of the following:

fixedByVonnie.com is a personal website and blog owned by Security Plus Pro LLC, which is being presented for informational purposes only. The views on this website are solely those of the website owner (and not those of any employer or of any professional associations affiliated with the website owner).  Any views expressed in this website and any information presented on this website, or in any of its blog entries, should not be relied on for any purpose whatsoever other than as the personal opinions of the website owner.  The website owner expressly disclaims any and all liability for any information presented on this site.  The owner of this website and its blog posts shall not be held liable, and shall be held harmless, for any errors or omissions in any information or representations contained in this website, or in any of its blog entries.  The website owner also expressly disclaims any liability for the current or future availability of any such information. The website owner makes no representations as to the accuracy or completeness of any information on this website or which may be found by following any link on this website. The website owner shall not be held liable for any losses, injuries, damages, claims, or causes of action, from the display or use of any information on this website or in any of its blog entries. If you use the information on this website, or on any of its blog entries, you do so solely at your own risk.

The worst passwords of 2014 - fixedByVonnie

The worst passwords of 2014

This post will either make you blush or boast.

Ready for it?

You’ll blush if you find your password in SplashData’s enumeration of last years worst passwords.

You’ll boast if your password isn’t in the list and then you’ll tease the people who blushed for being dolts.


Using a strong password is a big freggin’ deal.  Just look in the media.

But I didn’t leave you hanging for the vultures.  I demonstrated how to make sure your email account wasn’t hacked and how to make sure your password is both strong and memorable and how to keep your passwords safe.

Hopefully that helped.

I think it was Albert Einstein who said:

Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.

Before you look at the worst password of 2014 I want to do a little test with me.

I bet you can guess the worst password without even reading another word.  It’s that obvious.  It’s that bad.  And it’s that embarrassing.

The worst password of 2014

I’ve given you the armaments of war to do battle against the bad guys.  But when I saw the latest report from SplashData news I almost couldn’t contain myself.

SplashData combed over 3.3 million passwords indigenous to North America and Western Europe and this is what it scooped up from the septic tank of bad passwords:

The worst password of 2011 was:


The worst password of 2012 was…

wait for it…


And the worst password for 2013?

Any takers?


What about 2014?


Let’s think about this:

This stupid password takes absolutely zero thought to create.  Just drag your scaly index finger across the number row of your keyboard and click submit.

But this is the thing: I don’t completely blame users for using such silly passwords.  I blame the web applications for not enforcing stronger complexity.  The web applications and services we use ought to protect us from ourselves.  It’s the same logic behind why stoves are higher than the reach of a child and why Ctrl + Alt + Del is placed where it is on the keyboard (to prevent accidental reboots).

If I try to change my password to 123456 I should get a length error and a recommendation for fortifying my password.

Here are a few ways to make sure you’re using a strong password:

Beefing up passwords

You can generate a random password using an operating system like Linux but there are simpler ways online.

Check out the Secure Password Generator from Symantec’s PC Tools or Lasspass.  Both are good ways to introduce complexity.

Your second option is to use smart applications like Microsoft’s Telepathwords or Strong Passwords Need Entropy by Ed Dantes.

Microsoft Telepathwords

After generating your password use a password vault such as LastPass or Dashlane to guard your treasures.  I’ve been using LastPass for months now and I’m not aware of any issues.

Incidentally, the password called “password” is also a perennial favorite among people who don’t care about having their identities stolen or reputations ruined.  Why would you change your password to the word “password”?

No one will ever guess that! Security through obscurity doesn’t work

The Bottom Line

As long as software companies allow users to use insecure passwords, users will use insecure passwords.  It doesn’t matter that the password 123456 and “password” are equivalent to using no password at all.  If strong passwords aren’t enforced, people will use bad judgement.

I’ll bet you can’t guess what the worst password will be for 2015…


Connect with Vonnie on Twitter

Posted in News Tagged with: ,