Password security company SplashData has released a new version of its annual list of the world’s worst passwords – and ‘password’, last year’s number one, has been unseated by ‘123456’.

The company compiles its list from databases of stolen passwords posted online, with the ‘worst’ passwords being the most commonly used – this year’s list was influenced by the huge security breach at Adobe, where two million users chose 123456 as their password, as reported.

Morgan Slain, chief executive of SplashData, told Yahoo News that: “Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing.”

The list of stolen passwords was published online by security consulting firm Stricture Consulting Group following the breach. SplashData’s annual list is widely reported – and aired on the Today show – but despite the publicity, users continue to use weak passwords.

The company said in its official statement that the list “shows that many people continue to put themselves at risk by using weak, easily guessable passwords. Some other passwords in the Top Ten include ‘qwerty,’ ‘abc123,’ ‘111111,’ and ‘iloveyou.’”

“Another interesting aspect of this year’s list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies,” Slain said. “For example, new to this year’s list are simple and easily guessable passwords like ‘1234’ at #16, ‘12345’ at #20, and ‘000000’ at #25.”

“As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”

| Rank | Password | Change from 2012 |
|------|----------|------------------|
| 1 | 123456 | Up 1 |
| 2 | password | Down 1 |
| 3 | 12345678 | Unchanged |
| 4 | qwerty | Up 1 |
| 5 | abc123 | Down 1 |
| 6 | 123456789 | New |
| 7 | 111111 | Up 2 |
| 8 | 1234567 | Up 5 |
| 9 | iloveyou | Up 2 |
| 10 | adobe123 | New |
| 11 | 123123 | Up 5 |
| 12 | admin | New |
| 13 | 1234567890 | New |
| 14 | letmein | Down 7 |
| 15 | photoshop | New |
| 16 | 1234 | New |
| 17 | monkey | Down 11 |
| 18 | shadow | Unchanged |
| 19 | sunshine | Down 5 |
| 20 | 12345 | New |
| 21 | password1 | Up 4 |
| 22 | princess | New |
| 23 | azerty | New |
| 24 | trustno1 | Down 12 |
| 25 | 000000 | New |

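
As an added illustration (not code from SplashData or from the original article), here is a signup-time check that refuses candidates on the 2013 list, digits-only passwords, listed passwords with a suffix tacked on, and passwords built on the service's own name, the pattern Slain warns about. The function name, the `service_names` parameter, the four rules and the reason strings are assumptions made for this example.

```python
import re

# The 25 entries of the 2013 list reproduced in the article's table.
WORST_2013 = frozenset(
    "123456 password 12345678 qwerty abc123 123456789 111111 1234567 "
    "iloveyou adobe123 123123 admin 1234567890 letmein photoshop 1234 "
    "monkey shadow sunshine 12345 password1 princess azerty trustno1 "
    "000000".split()
)


def rejection_reason(candidate, service_names=()):
    """Return a short reason string if the password is refused, else None.

    service_names: names of the site or product the account is for
    (hypothetical parameter, e.g. ["Adobe Photoshop"]).
    """
    pw = candidate.lower()

    # Rule 1: exact match against the published list, case-insensitive.
    if pw in WORST_2013:
        return "listed"

    # Rule 2: digits only ("1234", "000000" style), whatever the length.
    if pw.isdigit():
        return "digits-only"

    # Rule 3: a listed password with only digits/symbols appended,
    # e.g. "monkey99" or "trustno1!".
    for bad in WORST_2013:
        if pw.startswith(bad) and not re.search(r"[a-z]", pw[len(bad):]):
            return "listed-plus-suffix"

    # Rule 4: built on the site or application name ("adobe123" pattern).
    # Digits and symbols are dropped first so "ad-obe_2014" still matches.
    letters = re.sub(r"[^a-z\s]+", "", pw)
    for name in service_names:
        for word in re.findall(r"[a-z]{4,}", name.lower()):
            if word in letters:
                return "service-name"

    return None
```

A `None` result only means none of these four rules fired; the check cannot see whether the same password is in use on another site.
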
ESET Senior Research Fellow David Harley says that in cases such as the Adobe breach, even users with “strong” passwords are at risk – and should think carefully about other sites where they may have used the same password: “Where your login credentials have been revealed, it’s obviously a good idea to change your password, and in fact the compromised site may force you to do so. However, an attacker is likely to assume that you use the same credentials on other sites, and he may try them on other sites of interest to him. (Of course, they may not be sites of interest to you.) So it’s a good idea (if an irksome task) to change your password on other sites that do use the same credentials.”

While no password, however complex, can offer complete protection – a cybercriminal with sufficient time and password-cracking software will eventually break any password – using such weak passwords allows criminals to access accounts more quickly.