SplashData has released the 2015 edition of its yearly Worst Passwords List, and it seems that Internet users are simply not becoming smarter when it comes to online security.
Once again on top of the list are the passwords "123456" and "password," the same spot where they have been since the annual list was started by SplashData five years ago.
The fifth annual report of the password management company compiled the over 2 million passwords that were leaked over 2015. This year's list featured new and longer passwords, which perhaps shows a bit of effort from both users and websites alike to add more security to online accounts.
However, the bad news is that despite the passwords being longer, they are still very simple, which makes the added length trivial in terms of actually adding to the online account's security. Examples are "1234567890," "1qaz2wsx," which is the first two columns of the keyboard, and "qwertyuiop," which is the first row of letters of the keyboard. These passwords, which are on the top 25 for the first time, are longer but still very easy for hackers to guess.
The list also featured new entries that were inspired by the recent return to widespread popularity of the Star Wars franchise, with "solo," "princess," and "starwars" making their way into the top 25.
The top 25 list, along with the changes in position from last year's list, are as follows:
- 123456 (Unchanged)
- password (Unchanged)
- 12345678 (Up 1)
- qwerty (Up 1)
- 12345 (Down 2)
- 123456789 (Unchanged)
- football (Up 3)
- 1234 (Down 1)
- 1234567 (Up 2)
- baseball (Down 2)
- welcome (New)
- 1234567890 (New)
- abc123 (Up 1)
- 111111 (Up 1)
- 1qaz2wsx (New)
- dragon (Down 7)
- master (Up 2)
- monkey (Down 6)
- letmein (Down 6)
- login (New)
- princess (New)
- qwertyuiop (New)
- solo (New)
- passw0rd (New)
- starwars (New)
Needless to say, if your passwords are one of the easily crackable ones on the list, it is highly recommended that you change them.
SplashData offered a few tips on how to create stronger passwords, beginning with creating passwords that have lengths of at least 12 characters that are a mix of numbers, letters, and if the website permits, special symbols.
SplashData also recommended that users avoid using only one password across different websites, as cracking the password on one website would allow hackers to access all of the user's online accounts if only one password is used on all of them.
Lastly, SplashData recommends that users utilize a password manager, such the company's SplashID, for the organization and protection of passwords, the creation of random passwords, and for automatic log-ons to websites without compromising password security. Of course, there are a variety of other software available for the purpose, and the user's choice would depend on preference and budget.
Another recommendation is not to use words or phrases that can be found in the dictionary, as hackers utilize files contained with words to try to hack into accounts. Users are also recommended to not use simply substitute a letter or character with an obvious replacement, such as with the 24th password on the top 25 that replaced the "o" in password with a zero.
