The Top ‘Worst’ Password of 2015 is ‘123456’ Again

Venustus

The first and second placed “worst passwords of 2015” once again were “123456” and “password,” highlighting an ongoing security problem associated with using simple credentials to log in to online accounts, according to SplashData.

Every year the password management firm trawls the web for plain text password dumps, and publishes its findings to illustrate the importance of creating strong credentials.

In 2015 it found over two million such passwords – mostly coming from hacks, breaches or leaks and linked to users in North America and Western Europe. Around 3% were represented in the Top 25.

Aside from the top two, which remained unchanged from last year, SplashData reported “12345678” in third place and “qwerty” in fourth, with “12345” rounding out the top five.

The top 25 ‘worst’ passwords list also contained easy-to-guess words such as popular sports (football, baseball), and even some new Star Wars-related credentials (solo, princess, starwars).

SplashData’s advice is to use passwords or passphrases of 12 characters or more with a mix of characters, and to avoid reusing them on different sites. A password manager is recommended to simplify the process and create random, strong credentials.

AlienVault security advocate, Javvad Malik, claimed poor password management can undermine all the good security work done by a website or app developer.

“The reason why these common passwords are so dangerous is that it gives an attacker an easy way to get into accounts,” he added. “It's similar to having a master key that you know will work on at least 10% of the houses on your street.”

Brian Spector, CEO of Miracl, argued that the industry “needs to get over passwords altogether.”

“They don’t scale for users, they don’t protect the service itself and they are vulnerable to a myriad of attacks,” he added.

“However, there are cryptographic security advancements available in the authentication space today, that combine multi-factor-authentication with excellent ease of use that delight customers.”

Source

Defies belief :rolleyes: :rolleyes:
 

DracusNarcrym

It doesn't matter if one has two-factor or billion-factor authentication securing their online accounts, if he/she cannot take the time to choose and safely store (e.g. encrypted password manager, or in physical locations) a secure password... :D
I guess many cases of accounts getting compromised are justified after all. :rolleyes:
 

CMLew

My previous company always prompted its employees to change their computer PW every 3 months. That's a real pain but deemed necessary to ensure their PW wasn't compromised and impact the company's information. So what I do is I keep on increasing the characters of the same PW...

Personally, my PW length varies. My "award-winning" PW is 32-char with a combo of Caps and symbols and No. + Number Theory. :D
 

shukla44

Even though sites suggest and warn every time, they use passwords for their convenience, not for security. Rather than thinking of using strong passwords, they surmise what the worst that could happen is, even if their password is stolen or the account is hacked.

Some of my friends even use 'password' with some variations as passwords. :D
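
A screening check built from SplashData's advice in the article and the "variations" and incremented-password habits mentioned in the posts above, as an added example that is not part of the article or of any post. The function names, the substitution table and the sample passwords in the test are assumptions made for illustration.

```python
import re

# Passwords the article names from SplashData's 2015 list
# (the full top 25 is not reproduced on this page).
NAMED_ON_PAGE = {"123456", "password", "12345678", "qwerty", "12345",
                 "football", "baseball", "solo", "princess", "starwars"}
MIN_LENGTH = 12  # "12 characters or more", per the article

# Assumed table for undoing common character swaps; not from the page.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def _candidates(password):
    """Yield normalised forms so simple variations map back to a listed base."""
    lowered = password.lower()
    # Drop digits/symbols padded onto either end ("Password2015!", "1qwerty").
    trimmed = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    for form in (lowered, trimmed):
        yield form
        yield form.translate(LEET)


def _stem(password):
    """Lower-case the password and strip its trailing digits/symbols."""
    return re.sub(r"[^a-z]+$", "", password.lower())


def screen_password(password, previous=None):
    """Return rejection reasons; an empty list means the password passed.

    `previous` is the old password the user typed on the change form
    (an assumption: it is compared in memory, never stored in clear text).
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too_short")
    if any(c in NAMED_ON_PAGE for c in _candidates(password)):
        reasons.append("common_or_variation")
    if previous:
        same_stem = _stem(password) and _stem(password) == _stem(previous)
        extended = password.lower().startswith(previous.lower())
        if same_stem or extended:
            reasons.append("increment_of_previous")
    return reasons
```

Length alone does not clear a password here: a 13-character string that reduces to "password" is still rejected, while a long passphrase with no listed base passes.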
 

jamescv7

In my experience there are many passwords that are primarily considered weak because they tend to combine the name of the company with random numbers or the name of an employee.

In our school, the password on the library WiFi is the name of the librarian, which is technically impractical, but because no one has managed to test cracking the password, it remains vulnerable.
 
LabZero

Many people choose "password" and "123456" as a string to secure their accounts... amazing! I can understand that some people don't use two-factor authentication, very safe but maybe somewhat difficult. However, at least choosing a more complex alphanumeric sequence wouldn't be so bad!
 

jamescv7

We should not be surprised that every year an article like this names 123456 as the worst password of all, because simple numbers tend to be easier to recall than pure words.

Usually numbers can be bound to their own different meanings, whereas words are sometimes prone to being forgotten.
 

hnbp16

Everyone could make a password as a combination of capital and small letters and figures. It is not so difficult but it is safe.
 
