The Worst Passwords: How NOT to set a password

Over the years it seems that the general public is finally starting to grasp the importance of having a strong and original password to protect their personal data – but, yet again, the annual list of the 100 worst passwords has shown that some things don’t change.

As always, the list was put together by SplashData, and is based on about 5 million leaked passwords from different sources. For the fifth year running, the number one spot was taken by the ever-so-predictable ‘123456’, followed by the simple ‘password’ in second place.

Unsurprisingly, the whole list is littered with variants of these two, with number patterns such as ‘123456789’ at number 3, ‘654321’ at number 19, and ‘password1’ at number 24. Just looking at the first 10 on the list clearly shows this repetitive chain of thinking.

#9 qwerty

#8 sunshine

#7 1234567

#6 11111111

#5 12345

#4 12345678

#3 123456789

#2 password

#1 123456

Some equally lazy number patterns taking spots lower on the list include ‘111111’ and ‘666666’, as well as some more repeat offenders like ‘qwerty’, ‘admin’, ‘football’ and ‘welcome’.

For users with the worst memories, there is even a variety of plain first names that, for the most part, we can only assume are the names of the account holders themselves: ‘Ashley’ at 82, ‘Andrew’ at 56, ‘Harley’ at 39, and – a new addition for 2018 – ‘Donald’ at 23.

So, what’s the lesson here? As much as the average user might know better, it’s so easy to let convenience surpass security – especially in the workplace, even though this is where data protection is of the highest importance. No matter how poor you think your memory is, or how strong you believe your security solutions to be, there is no excuse for using these predictable words and patterns.

The ideal password should be 8 characters long, including a mixture of lowercase and uppercase letters along with numbers and symbols where allowed. Most hackers crack passwords one letter at a time, so using a common word or name will make it easy for them to fill in the blanks halfway through the word. Instead, use anagrams and acronyms to create a seemingly random set of characters that is still easy for you to recall.
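
As an added example (not Boxphish's or SplashData's code), a sign-up or password-change handler could reject the patterns described above before accepting a password. The function names, the rule set and the short deny list are assumptions made for illustration; the 8-character threshold is the one given in this article.

```python
import re
from typing import Optional

# Words and names quoted in the article. Assumption: a real deployment would
# load a full breached-password list instead of this short sample.
DENY_WORDS = {"password", "sunshine", "admin", "football", "welcome",
              "ashley", "andrew", "harley", "donald"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def is_run(s: str) -> bool:
    """True if s walks along one keyboard row, forwards or backwards."""
    return len(s) >= 3 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def weakness(password: str) -> Optional[str]:
    """Return why a password is predictable, or None if no rule matches."""
    p = password.lower()
    if p and len(set(p)) == 1:
        return "one repeated character"
    if is_run(p):
        return "keyboard or number sequence"
    # Strip trailing digits and symbols so 'password1' reduces to 'password'.
    base = re.sub(r"[\d\W_]+$", "", p)
    if base in DENY_WORDS:
        return "common word or name: " + base
    if len(p) < 8:
        return "shorter than 8 characters"
    return None


if __name__ == "__main__":
    # Passwords named in the article, plus two constructed samples at the end.
    for pw in ["123456", "654321", "11111111", "qwerty", "password1",
               "Donald", "Harley2018!", "Tr4v!sB-kite"]:
        print(f"{pw!r:16} -> {weakness(pw) or 'no rule matched'}")
```

A result of `None` only means none of the patterns listed in this article matched; it is not a strength rating.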
