
Good news: 'password' is no longer the #1 sesame opener, now it's '123456'

And still too many people are using stupid login phrases


Despite the fact that users continue to cling to predictable and insecure passwords, the worst of them all is no longer the most popular.

Security firm SplashData reports that in 2013, "password" slipped from the top spot as the most popular log-in code. Taking over the dubious distinction of most popular (and perhaps least secure) passphrase was the numerical string "123456".

After "password", "12345678" was the third most popular login. Rounding out the top five passwords were "qwerty" and "abc123".

The top five will be enough to make any security administrator cringe, but the list should hardly come as a surprise. Despite countless warnings and advisories to move away from the predictable number sequences, such simple passwords have been pervasive for decades.

SplashData researchers also noted that the prevalence of simple passwords continues despite efforts by application vendors and service providers to mandate more secure passwords. Even when tasked with picking more sophisticated passcode combinations, users are opting for the simplest possible codes.

"Another interesting aspect of this year's list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies," said SplashData CEO Morgan Slain.

"For example, new to this year's list are simple and easily guessable passwords like '1234' at number 16, '12345' at number 20, and '000000' at number 25."

Other notable entries on the list were "iloveyou" as the ninth most popular bad password and "admin" as number 12; "monkey", interestingly enough, slipped all the way from the sixth spot last year down to number 17 overall.

Users also seem to harbor delusions of grandeur, as "princess" was the 22nd most popular password. Wordplay appeared at number 24 – "trustno1" – which was obviously not as clever as users thought it was.

The rankings, which were pulled from public dumps of pilfered passwords, added an Adobe feel this year. SplashData said that that company's massive 2.9 million–user password dump helped get terms such as 'adobe123' and 'photoshop' into the top 25.

Avoiding the use of easily-guessed passwords is simple enough if users employ a bit of creativity and standard best practices, such as using a hard-to-guess mnemonic device and mixing letters and numbers (non-sequential, obviously) in their passwords.®
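For sites that want to screen out the kinds of passwords described above at sign-up, the following is an added example, not code from The Register or SplashData. The function names, the keyboard rows and the rule set are assumptions, and the denylist holds only the entries this article names, not the full top 25.

```python
import re

# Passwords named in the article (partial: only the entries quoted on this page).
LISTED = {
    "123456", "password", "12345678", "qwerty", "abc123", "iloveyou",
    "admin", "1234", "monkey", "12345", "princess", "trustno1",
    "000000", "adobe123", "photoshop",
}

# Constructed keyboard rows used to spot "qwerty"-style walks (assumption).
KEY_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_sequence(s):
    """True if s is one repeated character or a run stepping by +1 or -1."""
    if len(s) < 2:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({0}, {1}, {-1})


def is_keyboard_walk(s):
    """True if s is a slice of a keyboard row, read forwards or backwards."""
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEY_ROWS)


def screen_password(password, service_names=()):
    """Return the reasons to reject a candidate; an empty list means no rule fired."""
    p = password.lower()
    reasons = []
    if p in LISTED:
        reasons.append("listed")
    if p.isdigit():
        reasons.append("digits-only")
    if is_sequence(p):
        reasons.append("sequence")
    if is_keyboard_walk(p):
        reasons.append("keyboard-walk")
    # Strip trailing digits/symbols so "adobe123" is compared as "adobe".
    stem = re.sub(r"[^a-z]+$", "", p)
    if stem and any(stem == name.lower() for name in service_names):
        reasons.append("service-name")
    return reasons
```

Passing the site's own product names as `service_names` catches variants such as a product name followed by a year, which a fixed denylist misses.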
