If the onset of high-profile hackings taught us anything in 2014, it’s absolutely nothing. Password management firm SplashData released its annual list of the worst passwords of the year and it’s just as dreadful as you’d think. Of course, the more common a password is the higher the chances a hacker can get into personal accounts, like email and banking.
While number sequences were as popular as ever, sports terms like “baseball” and “football” were used more often, as well as words related to favorite sports teams — “yankees,” “eagles,” “steelers,” “rangers” and “lakers” all made the top 100.
Birthday years were common too (especially 1989, 1990, 1991 and 1992) and names like “Michael,” “Jennifer,” “Michelle” and “Hunter” are also among the top 100 worst passwords of 2014.
Here’s a look at the top 25 passwords of the year:
1. 123456 (Unchanged from 2013)
2. password (Unchanged)
3. 12345 (Up 17)
4. 12345678 (Down 1)
5. qwerty (Down 1)
6. 234567890 (Unchanged)
7. 1234 (Up 9)
8. baseball (New)
9. dragon (New)
10. football (New)
11. 1234567 (Down 4)
12. monkey (Up 5)
13. letmein (Up 1)
14. abc123 (Down 9)
15. 111111 (Down 8)
16. mustang (New)
17. access (New)
18. shadow (Unchanged)
19. master (New)
20. michael (New)
21. superman (New)
22. 696969 (New)
23. 123123 (Down 12)
24. batman (New)
25. trustno1 (Down 1)
The list is particularly scary as it comes on the heels of major hacking attacks against companies like Sony Pictures and the celebrity nude photo scandal that hit last year.
This year’s worst passwords are painfully weak, but what were once considered clever password strategies — using symbols, capitalizations, the number 3 in place of the letter “e” — are old tricks. As a refresher, it’s now recommended to pick a different password for each account you use — you wouldn’t use the same key in all of your locks, and the same goes for passwords.
Another tip to remember is that passwords should be 14 characters long and you should avoid words with personal information, like your birthday and favorite color. Scatter numbers and symbols throughout your password (don’t just tack them onto the end) and pick word combinations that aren’t related (e.g. something like “catfoldersspaceshuttle” and not “icameisawiconquered”).
Companies like Gmail, Facebook, Twitter and Apple are now trying to make hacking more difficult on their services by offering two-factor authentication, which is basically like double locking your door at night. Each time you want to log into that account, the company will send a code to your phone — it changes after each login attempt, so hackers would have to be in physical possession of your smartphone to know the code.