News

Dumb and dumber: The annual list of most-guessable passwords

Consumers are more worried than ever about the security of their data — but just as likely as ever to put it in criminal hands by using weak passwords.

January 21, 2016

SplashData, a provider of password management applications, has announced its annual list of the 25 most common passwords found on the Internet.

The passwords "123456" and "password" remained in first and second place on this year's list, which was compiled from more than 3.3 million passwords leaked during 2014. Other passwords in the top 10 include "qwerty," "dragon," and "football."

As in past years, simple numerical passwords remain common, with nine of the top 25 passwords on the list comprised of numbers only.

People continue to put themselves at risk by using weak, easily guessed passwords, said SplashData CEO Morgan Slain:

Passwords based on simple patterns on your keyboard remain popular despite how weak they are. Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.

Online security expert Mark Burnett, author of "Perfect Passwords," indicated that some consumers might at last be getting the message about weak passwords:

The bad news from my research is that this year's most commonly used passwords are pretty consistent with prior years. The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2 percent of passwords exposed. While still frightening, that's the lowest percentage of people using the most common passwords I have seen in recent studies.