This post will either make you blush or boast.
Ready for it?
You’ll blush if you find your password in SplashData’s enumeration of last year’s worst passwords.
You’ll boast if your password isn’t in the list and then you’ll tease the people who blushed for being dolts.
Using a strong password is a big freggin’ deal. Just look in the media.
- Remember last year when I told you over 5 million Gmail passwords were allegedly leaked?
- Remember when I showed you that over 7 million Dropbox accounts were allegedly hacked?
But I didn’t leave you hanging for the vultures. I demonstrated how to make sure your email account wasn’t hacked, how to make sure your password is both strong and memorable, and how to keep your passwords safe.
Hopefully that helped.
I think it was Albert Einstein who said:
Only two things are infinite, the universe and human stupidity, and I’m not sure about the former.
Before you look at the worst password of 2014 I want you to do a little test with me.
I bet you can guess the worst password without even reading another word. It’s that obvious. It’s that bad. And it’s that embarrassing.
The worst password of 2014
I’ve given you the armaments of war to do battle against the bad guys. But when I saw the latest report from SplashData news I almost couldn’t contain myself.
SplashData combed over 3.3 million passwords indigenous to North America and Western Europe and this is what it scooped up from the septic tank of bad passwords:
The worst password of 2011 was:
The worst password of 2012 was…
wait for it…
And the worst password for 2013?
What about 2014?
Let’s think about this:
This stupid password takes absolutely zero thought to create. Just drag your scaly index finger across the number row of your keyboard and click submit.
But this is the thing: I don’t completely blame users for using such silly passwords. I blame the web applications for not enforcing stronger complexity. The web applications and services we use ought to protect us from ourselves. It’s the same logic behind why stoves are higher than the reach of a child and why Ctrl + Alt + Del is placed where it is on the keyboard (to prevent accidental reboots).
If I try to change my password to 123456 I should get a length error and a recommendation for fortifying my password.
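A sketch of what that server-side check could look like, as an added example rather than code from any particular web application. The 12-character minimum, the two-entry blocklist and the function names are assumptions made for illustration.

```python
# Constructed sample blocklist: the two passwords this post names.
# A real deployment would load a large list of common or breached passwords.
COMMON_PASSWORDS = {"123456", "password"}
MIN_LENGTH = 12  # assumed policy value, not taken from the post

# Keyboard rows, used to spot "drag a finger across the keys" passwords.
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_keyboard_run(password):
    """True if the whole password is one straight run along a keyboard row,
    in either direction (for example 123456 or poiuyt)."""
    p = password.lower()
    if len(p) < 4:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def check_new_password(password):
    """Return the list of reasons to reject a new password.
    An empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"Too short: use at least {MIN_LENGTH} characters.")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("This is one of the most commonly used passwords.")
    if is_keyboard_run(password):
        problems.append("This is a straight run of adjacent keys.")
    if password and len(set(password)) <= 2:
        problems.append("Too few distinct characters.")
    if problems:
        # The recommendation the user should see next to the errors.
        problems.append("Try a long passphrase or a generated password.")
    return problems


if __name__ == "__main__":
    for candidate in ("123456", "password", "correct horse battery staple"):
        print(repr(candidate), "->", check_new_password(candidate) or "accepted")
```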
Here are a few ways to make sure you’re using a strong password:
Beefing up passwords
You can generate a random password using an operating system like Linux but there are simpler ways online.
Check out the Secure Password Generator from Symantec’s PC Tools or LastPass. Both are good ways to introduce complexity.
Incidentally, the password called “password” is also a perennial favorite among people who don’t care about having their identities stolen or reputations ruined. Why would you change your password to the word “password”?
No one will ever guess that! Security through obscurity doesn’t work.
The Bottom Line
As long as software companies allow users to use insecure passwords, users will use insecure passwords. It doesn’t matter that the passwords 123456 and “password” are equivalent to using no password at all. If strong passwords aren’t enforced, people will use bad judgement.
I’ll bet you can’t guess what the worst password will be for 2015…