“123456” is still the most common password that is used online. That’s despite numerous security experts warning against using simple passwords.
Make it stop. We have some advice for people who are too lazy to think up secure passwords.
From Yahoo to Dropbox, we saw a ton of massive data breaches come to light in 2016.
Cybersecurity firm Keeper sieved through 10 million passwords that were made public through data breaches in 2016. With that information, the company released a list of the most common passwords that were used last year.
Even after years of security experts banging on about why we shouldn’t sequential string of letters and numbers, along with dictionary terms, as passwords (that are easily brute forced), a lot of people aren’t listening.
So surprise, surprise, “123456”, “123456789” and “qwerty” won the gold, silver and bronze medals, respectively. Last year, “12345678” took first place while both “123456789” and “qwerty” made an appearance on the 2015 list.
Nearly 17% of the accounts analysed used “123456” as the password. The top 25 passwords made up over 50% of the 10 million passwords that Keeper looked at. Here’s the full list:
- 123456
- 123456789
- qwerty
- 12345678
- 111111
- 1234567890
- 1234567
- password
- 123123
- 987654321
- qwertyuiop
- mynoob
- 123321
- 666666
- 18atcskd2w
- 7777777
- 1q2w3e4r
- 654321
- 555555
- 3rjs1la7qe
- 1q2w3e4r5t
- 123qwe
- zxcvbnm
- 1q2w3e
If You’re Using Any Of The Passwords On The List… It’s Time To Stop
Seriously. Stop.
It might be easy to remember those common passwords, but you might as well open your door wide open and let burglars into your house.
If you think you have nothing online that would be of interest to hackers, it’s time to stop.
If you think it’s too hard to make up complex passwords for your online accounts, it’s time to stop.
If you can’t be bothered changing your password because you’ve had it for years, it’s time to stop.
When you use these common passwords for one account, chances are you’ve reused them on another ones that could be more valuable for criminals. These criminals may also take your personal information that is contained within compromised accounts for things like identify theft. By using different passwords for different online accounts, you can minimise the damage done.
There are a lot of tools that you can use to easily generate and store passwords for your different online accounts. Get yourself a password manager. Lastpass is a favourite over here at Lifehacker. We have a beginner’s guide right here.
You’ll still need to think up one master password to access your password manager, but for Pete’s sake please don’t make that “123456”.
Do any of the entries on the list surprise you? Do you know someone who still uses weak passwords? Let us know in the comments.
Comments
6 responses to “The 25 Most Common Passwords Of 2016 Are Still Garbage”
Thats why I use Password1
I purposely use easy passwords for account I don’t care about. I don’t use them on accounts that matter, bank, paypal, email etc. But what do I care if someone posts comments using my lifehacker password or my secondary email that I use to subscribe to stuff I don’t care about
I’d suggest the most common passwords for any time period will be garbage – even if they were considered secure passwords like:
TG^%&%&H6y786gbbfgbfhyufyghfg 334%%^&
If that happened to be in the top 25 it wouldn’t be secure now would it?
Help me out here, I don’t know why 15 and 20 are so popular. am I missing something?
Hiya!
This was addressed in the Keeper report I linked in the article:
“Why Is 18atcskd2w such a popular password? According to Security Researcher, Graham Cluley, these accounts were created by bots, perhaps with the intention of posting spam onto the forums.”
Might be the same thing for #20.
Hope this helps!
Spandas
My favorite is still from XKCD: “correct-horse-battery-staple”
One problem with this is: most banks only use a 4- to 5-digit PIN.