A company called SplashData compiles an annual list of the most popular passwords, based on passwords leaked over the previous year in high-profile data breaches that targeted EU and U.S. users.
As might be expected, the "awards" for 2014 indicate a large number of users are still using very bad passwords -- passwords which are obvious, guessable, and/or ubiquitous. Unaware of the risk they are exposing themselves to, many users cleverly opted to make "123456" or "password" their password of choice. Those top two passwords were actually unchanged from 2013.
A handful of new numeric passwords such as "696969" hit the list. As usual, famous fictional characters also popped up as new entries -- notably "batman" and "superman" (sort of like the infamous "darthvader", which wasn't on this year's list). The full list is:
- 123456 (Unchanged from 2013)
- password (Unchanged)
- 12345 (Up 17)
- 12345678 (Down 1)
- qwerty (Down 1)
- 1234567890 (Unchanged)
- 1234 (Up 9)
- baseball (New)
- dragon (New)
- football (New)
- 1234567 (Down 4)
- monkey (Up 5)
- letmein (Up 1)
- abc123 (Down 9)
- 111111 (Down 8)
- mustang (New)
- access (New)
- shadow (Unchanged)
- master (New)
- michael (New)
- superman (New)
- 696969 (New)
- 123123 (Down 12)
- batman (New)
- trustno1 (Down 1)
If you're using one of these passwords, slap your palm to your forehead and then go change it immediately, because you are putting your online data at risk. SplashData may be a bit of a biased party (its goal is to sell users on its LastPass competitor, SplashID), but its points are sound. You should use non-obvious passwords that:
- are long
- mix letters, numbers, and special characters
- vary from site to site
A simple rule of thumb is to never use a simple numeric sequence, well-known name, or dictionary word for a password. You've been warned.
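
A site can apply the same advice when a user picks a password. The sketch below is an added example, not code from SplashData or this article: it rejects the 25 listed passwords and goes slightly further by catching numeric runs and repeats that are not on the list. The 12-character minimum and the `dictionary` parameter are assumptions, since the article gives neither a length nor a word list.

```python
import re

# The 25 passwords from the list above, compared case-insensitively.
WORST_2014 = frozenset("""
123456 password 12345 12345678 qwerty 1234567890 1234 baseball dragon
football 1234567 monkey letmein abc123 111111 mustang access shadow master
michael superman 696969 123123 batman trustno1
""".split())

MIN_LENGTH = 12  # assumption: the article says "long" without giving a number


def is_digit_run(s):
    """True for counting runs such as 12345, 1234567890 (0 follows 9) or 54321."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(s, s[1:])}
    return steps in ({1}, {9})


def is_repeated_unit(s):
    """True when s is a shorter unit repeated: 111111, 696969, 123123."""
    return len(s) > 1 and s in (s + s)[1:-1]


def screen_password(candidate, dictionary=frozenset()):
    """Return the reasons a candidate fails; an empty list means it passes.

    dictionary is a caller-supplied set of lower-case words and names
    (hypothetical parameter; the article does not name a word list).
    """
    reasons = []
    folded = candidate.lower()
    if folded in WORST_2014:
        reasons.append("on the 2014 list")
    if re.fullmatch(r"[0-9]+", candidate) and (
            is_digit_run(candidate) or is_repeated_unit(candidate)):
        reasons.append("simple numeric sequence")
    if folded in dictionary:
        reasons.append("dictionary word or well-known name")
    if len(candidate) < MIN_LENGTH:
        reasons.append("too short")
    patterns = (r"[A-Za-z]", r"[0-9]", r"[^A-Za-z0-9]")
    if not all(re.search(p, candidate) for p in patterns):
        reasons.append("does not mix letters, numbers and special characters")
    return reasons
```

This check cannot enforce the "vary from site to site" point, which depends on what the user does elsewhere.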