The worst passwords in the world -- is yours on the list?

Status
Not open for further replies.

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Did you resolve to increase your security in 2015? If the list of top passwords used in 2014 is anything to go by, a lot of people should have had this right at the top of their list of New Year's resolutions. Security and password firm SplashData has published its annual list of the most common (worst, in other words) passwords that are in use.

If there's anything positive to be taken from this terrifying list of insecurity, it's that 'password' is still not the most used password out there. It only slipped to second place last year to be replaced by '123456'. The top two positions remain the same this year, so there's not really that much cause for celebration. But the list makes for interesting reading, particularly when you consider these (supposedly) security-conscious times we live in.

If you're wondering how the list was compiled, SplashData collected together data about millions of stolen passwords that were posted online. Some of the new entries in the top 25 list are worryingly weak -- that's not to say that this list contains any passwords that would be considered strong by anyone of sane mind, but "access"? Come on, people!

No fewer than ten of the most popular passwords comprise only numbers. Of course, we're not talking about random digits here, but instead predictable patterns such as 123123, 111111, and (snigger) 696969. If that little giggle seemed childish, it's not entirely out of place -- many of the passwords have a rather childish feel to them: "monkey", "master", "superman", and "batman". Urgh.

Here's the full list in all its disturbing, insecure glory;
  1. 123456 (Unchanged from 2013)
  2. password (Unchanged)
  3. 12345 (Up 17)
  4. 12345678 (Down 1)
  5. qwerty (Down 1)
  6. 1234567890 (Unchanged)
  7. 1234 (Up 9)
  8. baseball (New)
  9. dragon (New)
  10. football (New)
  11. 1234567 (Down 4)
  12. monkey (Up 5)
  13. letmein (Up 1)
  14. abc123 (Down 9)
  15. 111111 (Down 8)
  16. mustang (New)
  17. access (New)
  18. shadow (Unchanged)
  19. master (New)
  20. michael (New)
  21. superman (New)
  22. 696969 (New)
  23. 123123 (Down 12)
  24. batman (New)
  25. trustno1 (Down 1)
 

Oxygen

Level 44
Verified
Feb 23, 2014
3,316
Smash your head on your keyboard a couple of times, save the password to LastPass. You will now have one of the most secure passwords in history.


tim-eric-mind-blown-__squarespace_cacheversion1316658161000.gif
 
Last edited:
D

Deleted member 21043

My passwords are pretty strong. They are random and completely unrelated to me, so it would be hard to guess it. I slightly change them for every website, however each one cannot be guessed for each site after knowing one due to the changes in it.

For example, my password could be hello99182 but then on another website i would be 99hello821. (this is not my password or the numbers, just using it for a example).

But, then for another website it could be a completely different number combination in a different order, or there might not even be a real "word" at all, just random characters.

Must admit, my password to this forum is fairly simple. Even if I was hacked, everyone would know anything posted by the hacker wasn't me because it would be obvious unless they used: my writing style, etc. Otherwise, if they tried to do something bad it would be obvious it wasn't me.
 

Nico@FMA

Level 27
Verified
May 11, 2013
1,687
My passwords are pretty strong. They are random and completely unrelated to me, so it would be hard to guess it. I slightly change them for every website, however each one cannot be guessed for each site after knowing one due to the changes in it.

For example, my password could be hello99182 but then on another website i would be 99hello821. (this is not my password or the numbers, just using it for a example).

But, then for another website it could be a completely different number combination in a different order, or there might not even be a real "word" at all, just random characters.

Must admit, my password to this forum is fairly simple. Even if I was hacked, everyone would know anything posted by the hacker wasn't me because it would be obvious unless they used: my writing style, etc. Otherwise, if they tried to do something bad it would be obvious it wasn't me.

Well a good password is only being used once per account. Yet that same security is also limited as a attackers have often enough time and resources to run a automated script doing their evil things. So in time your password that consists out of a combi at least16 chars "Abc123and !@#" (As example) is in the end not a inch safer then 0000logmein.
However a strong password will take time to be cracked and most login functions within websites and online services will deny repeated requests which buys you enough time to detect a break in.
But really if they want they will crack your pass. And often its not the pass itself that gets broken, as even the easy ones proof to be pretty difficult if people do not know what they are looking for and thats why hackers become masters in social engineering as people often do not realize how much data one could find on the net about a person if they where looking for it.
And the good thing is? It has been posted by the person who owns the password and account.
Think about it.
 

Dani Santos

From Xvirus
Verified
Top Poster
Developer
Well-known
Jun 3, 2014
1,136
Well a good password is only being used once per account. Yet that same security is also limited as a attackers have often enough time and resources to run a automated script doing their evil things. So in time your password that consists out of a combi at least16 chars "Abc123and !@#" (As example) is in the end not a inch safer then 0000logmein.
However a strong password will take time to be cracked and most login functions within websites and online services will deny repeated requests which buys you enough time to detect a break in.
But really if they want they will crack your pass. And often its not the pass itself that gets broken, as even the easy ones proof to be pretty difficult if people do not know what they are looking for and thats why hackers become masters in social engineering as people often do not realize how much data one could find on the net about a person if they where looking for it.
And the good thing is? It has been posted by the person who owns the password and account.
Think about it.
so "strong" is a strong password? :cool:
 
D

Deleted member 21043

Well a good password is only being used once per account. Yet that same security is also limited as a attackers have often enough time and resources to run a automated script doing their evil things. So in time your password that consists out of a combi at least16 chars "Abc123and !@#" (As example) is in the end not a inch safer then 0000logmein.
However a strong password will take time to be cracked and most login functions within websites and online services will deny repeated requests which buys you enough time to detect a break in.
But really if they want they will crack your pass. And often its not the pass itself that gets broken, as even the easy ones proof to be pretty difficult if people do not know what they are looking for and thats why hackers become masters in social engineering as people often do not realize how much data one could find on the net about a person if they where looking for it.
And the good thing is? It has been posted by the person who owns the password and account.
Think about it.
Yeah, you are totally right. A determined hacker will always try and find a way, though... To crack it. Shame really.
 
  • Like
Reactions: Sr. Normal

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Surely those worst passwords are already at the database tools for using any brute force attacks to crack it as possible.

But again lots of weak passwords which related to their birthday, name, or basic words that can be easily hack so better yet use password generators. :p
 

StriderHunterX

Level 5
Verified
Well-known
Jan 10, 2015
207
Smash your head on your keyboard a couple of times, save the password to LastPass. You will now have one of the most secure passwords in history.

LOL......I tried that. *Looks at broken Logitech Keyboard* :(

Seriously,though-My password tactic is the longer,the better.My character minimum is 15 and each time,I add another one....

You can never be safe on the internet.Aside from Last Pass,I have an old solution-Excel Worksheet(secured),stashed on my backup external HDD.

Also,change them frequently(every 3 months or so...)
 
  • Like
Reactions: Oxygen
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top