Level 49
Content Creator
The first and second placed “worst passwords of 2015” once again were “123456” and “password,” highlighting an ongoing security problem associated with using simple credentials to log-in to online accounts, according to SplashData.

Every year the password management firm trawls the web for plain text password dumps, and publishes its findings to illustrate the importance of creating strong credentials.

In 2015 it found over two million such passwords – mostly coming from hacks, breaches or leaks and linked to users in North America and Western Europe. Around 3% were represented in the Top 25.

Aside from the top two, which remained unchanged from last year, SplashData reported “12345678” in third place and “qwerty” in fourth, with “12345” rounding out the top five.

The top 25 ‘worst’ passwords list also contained easy-to-guess words such as popular sports (football, baseball), and even some new Star Wars-related credentials (solo, princess, starwars).

SplashData’s advice is to use passwords or passphrases of 12 characters of more with a mix of characters, and to avoid reusing them on different sites. A password manager is recommended to simplify the process and create random, strong credentials.

AlienVault security advocate, Javvad Malik, claimed poor password management can undermine all the good security work done by a website or app developer.

“The reason why these common passwords are so dangerous is that it gives an attacker an easy way to get into accounts,” he added. “It's similar to having a master key that you know will work on at least 10% of the houses on your street.”

Brian Spector, CEO of Miracl, argued that the industry “needs to get over passwords altogether.”

“They don’t scale for users, they don’t protect the service itself and they are vulnerable to a myriad of attacks,” he added.

“However, there are cryptographic security advancements available in the authentication space today, that combine multi-factor-authentication with excellent ease of use that delight customers.”


Defies belief:rolleyes::rolleyes:


Level 19
It doesn't matter if one has two-factor or billion-factor authentication securing their online accounts, if he/she cannot take the time to choose and safely store (e.g. encrypted password manager, or in physical locations) a secure password... :D
I guess many cases of accounts getting compromised are justified after all. :rolleyes:


Level 23
My previous company always prompt their employees to change their computer PW every 3 mths. That's a real pain but deem necessary to ensure their PW wasn't compromised and impact company's information. So what I do is I keep on increasing the character of the same PW...

Personally, my PW length varies. My "award-winning" PW is 32-char with a combo of Caps and symbols and No. + Number Theory. :D


Level 11
Even though suggested and warned by sites every time, they use password for their convenience not for security. Rather than thinking of using strong passwords, surmising what the worst could happen even if their password is stolen or the account is hacked.

Some of my friends even use the 'password' with some variations as passwords.:D


Level 61
In my experience there are many passwords that primarily considered weak because they tend to connect it from the name of company with random numbers or name of employee.

In our school, the password on WiFi library is the name of librarian, which technically impractical but because no one manage to test the crack of passwords then it remains to be vulnerable.


Many people choose "password" and "123456" as a string to secure their accounts...amazing! I can understand that some people don't use two-factor authentication, very safe but maybe some difficult. However, at least choose a more complex alphanumeric sequence wouldn't so bad!


Level 61
We should not surprise that every year, an article related to this will be given to 123456 as worst password at all; because simple numbers are tend to recall than pure words.

Usually numbers can bind with their own different meaning whereas on words are sometimes prone to forget.


Level 1
Everyone could make a password as a combination of capital and small letters and figures. It is not so difficult but is is safe.