However, hackers know that lots of people don’t bother creating strong passwords and the moment they acquire user data the very first thing they will do is to try out common weak passwords so they can break into as many accounts as possible. Although more and more users listen to security experts and the likes of handy solutions like password managers are getting more common with each passing day, the sad thing is that the most popular passwords can still be cracked with very little effort.
The common traits of common passwords
According to research conducted by Keeper Security based on the biggest data breaches of 2016, the trend of using bad passwords won’t change anytime soon and not just because a shocking one fifth of web surfers still use “123456” as a password. The problems uncovered by Keeper Security are more complex due to various factors: first and foremost, the list we’ve put together could’ve been written any time between 2010 and the present, meaning that the vast majority of internet users still don’t pay any attention to the warnings of security experts.
Another finding by Keeper is that most weak passwords usually consist of six characters or less, which can be easily decoded by brute-force cracking software. Passwords using unpredictable patterns but still having a strong resemblance to the worst passwords can still be cracked by hackers as dictionary-based password crackers are already programmed to look for sequential key variations.
And last but not least here’s a little trivia that explains the seemingly random passwords on most of these worst of the worst lists: they are often created by bots setting up dummy accounts on public email services created for the sole purpose of spamming the internet – suggesting that service providers are equally responsible for the situation.
The top 10 most common passwords
And now without further ado it’s time to see what passwords were the most common (and the easiest to crack) in 2016 according to internet security firm SplashData:
- 123456
- password
- 12345
- 12345678
- football
- qwerty
- 1234567890
- 1234567
- princess
- 1234
As you can see the dominance of the two most common passwords, “123456” and “password”, is still unquestionable even in spite of the many public outcries by security experts. What’s more interesting is that most internet users still trust numeric passwords where the numbers are in an easily identifiable sequential order. Using characters appearing next to each other on the keyboard is also very popular, as well as words that are trending on the internet over a certain period of time. Although not appearing on our list, many people are safeguarding their accounts with random words from a dictionary, words that are profane or they just simply change a character (from “O” to “0”, for instance) but still leave the password otherwise completely recognizable.
How to avoid weak passwords
The first and most obvious way of securing your accounts is to never use any of the above mentioned passwords, neither as they appear nor with certain characters replaced with something else. The same rule applies to passwords that are randomly selected from a thesaurus, since the so-called dictionary attack – where the attacking software searches for words from the dictionary – will easily crack those too. And even if the password passes the big test – meaning it has ambiguous characters, upper and lower case letters, and numbers – you should only use it once, because if used on multiple sites and it is revealed then the rest of your accounts can be easily compromised.
Therefore, the best way to protect yourself from data breaches is to use a new, long and complex password on every site you register with. Thankfully you don’t need to remember each of them. Browsers are capable of storing these passwords for you, but if you want the perfect protection then it’s best to turn to a password manager like Dashlane or 1Password where you only have to memorize one master password and the rest is taken care of for you.
Zoltán G.
Adam B.
User feedback