Annual list of top 25 passwords is released – and, no, we haven't learned a thing
The annual list of the top 25 passwords used by consumers has been released – and it's clear that many of us are leaving ourselves alarmingly open to the increasingly sophisticated range of online security threats.
According to a list compiled by security software developer Splashdata, the most obvious password in the universe – that is, the actual word "password" – remains the world's most common, followed by 123456 and 12345678.
Here's the full list, with last year's rank in brackets:
- 1. password (1)
- 2. 123456 (2)
- 3. 12345678 (3)
- 4. abc123 (5)
- 5. qwerty (4)
- 6. monkey (6)
- 7. letmein (8)
- 8. dragon (10)
- 9. 111111 (12)
- 10. baseball (11)
- 11. iloveyou (13)
- 12. trustno1 (9)
- 13. 1234567 (7)
- 14. sunshine (15)
- 15. master (14)
- 16. 123123 (20)
- 17. welcome (new)
- 18. shadow (19)
- 19. ashley (16)
- 20. football (25)
- 21. jesus (new)
- 22. michael (24)
- 23. ninja (new)
- 24. mustang (new)
- 25. password1 (new)
The list is compiled by sifting through the passwords dumped online after big hack attacks, including hacks this year at Yahoo and LinkedIn.
The LinkedIn hack in June was one of the biggest of the year, with as many as six million passwords dumped on line.
At the time, LinkedIn director Vicente Silveira gave some good advice about password management.
He wrote in a blog post that LinkedIn users should change their passwords every few months or at least once a quarter, and provided a set of tips to help users create "strong" passwords:
- Variety – don't use the same password on all the sites you visit.
- Don't use a word from the dictionary.
- Length – select strong passwords that can't easily be guessed with 10 or more characters.
- Think of a meaningful phrase, song or quote and turn it into a complex password using the first letter of each word.
- Complexity – randomly add capital letters, punctuation or symbols.
- Substitute numbers for letters that look similar (for example, substitute "0? for "o" or "3? for "E".
- Never give your password to others or write it down.