The “Worst Passwords of 2015" list is out, and if you're using one or more of these passwords, it's time to get a new one. SplashData’s fifth annual worst passwords report, compiled from more than 2 million leaked passwords during the year, shows that while some things have changed a little, all in all people are still using the same easy to guess passwords. Here's the list, you can read the whole report here.
1. 123456
2. password
3. 12345678
4. qwerty
5. 12345
6. 123456789
7. football
8. 1234
9. 1234567
10. baseball
11. welcome
12. 1234567890
13. abc123
14. 111111
15. 1qaz2wsx
16. dragon
17. master
18. monkey
19. letmein
20. login
21. princess
22. qwertyuiop
23. solo
24. passw0rd
25. starwars
We are looking for people with skills or interest in the following areas:
Comments
I know 1qaz2wsx can be vulnerable because it's a short but I don't think it's as guessable as the others. I wonder why it made the list? What am I missing?
iqaz2wsx is a simple 'keyboard walk'. It is similar to qwerty. Keyboard walks are extremely common and well known to hackers.
The rule of thumb is, "If you can think of a way to build a safe password, its probably already known to bad guys."
Always use 'random' character strings that include as many characters and types of characters permitted in your target application. Beware of apps that can regenerate a password based upon your simple input. For hackers who also have access to the app, your security will actually be only equal to the input string. If you use such an app, consider substituting a few characters, making the result safer.
Yes, hackers can detect passwords that include edited characters. Like passw0rd. Don't do this,either, especially with common words or names.
Password security is a complex and important topic. You should read a lot about it and appreciate the power of statistics or mathematical algorithms.
Re: "I know 1qaz2wsx can be vulnerable because it's a short but I don't think it's as guessable as the others. I wonder why it made the list? What am I missing?"
Follow your fingers as you type those characters. It's the first two columns on the keyboard. That makes it just about the same as "qwertyuiop[]\".
@fredp and Bruce_Fraser,
Thank you for taking the time to explain. I see what I was missing now. I never heard of this "keyboard walk". Thanks again.
BTW, I use the password generator in Keepass. I think that should be good enough for me.
With the easy access to free password manager programs (most of which have generators) there is really no excuse for not having strong security for personal data. Frankly I'm surprised that anyone using the password "welcome" would have the intelligence to even power up a computer.
Adam: Why the password is **** in ATMs?
John: So that if someone is standing behind you, he can't see it?
Adam: But it's still **** even if there is nobody standing behind me.