'Password' No Longer Dumbest Common Password

In what can only be described as an improvement in the very feeblest sense of the word, Internet users in 2013 adopted "123456" as their preferred password, and let "password" fall to No. 2.

Splash Data, a Los Gatos, Calif.-based company that produces user-friendly security apps, keeps track of data breaches each year and monitors the resulting exposed passwords. Its annual list of "Worst Passwords" is supposed to dissuade users from picking easy-to-guess passwords, which are vulnerable to brute-force attacks as well as guesswork.

The lower-case "password" is, indeed, a terrible password: It contains no numbers, no capital letters and no unusual symbols, and other humans can guess it easily. "123456" is not much of an improvement, for similar reasons. Other popular, if dismal, choices include "12345678," "qwerty," "abc123" and "111111."

A few new entries did show up this year, such as "adobe123" and "photoshop." Splash Data theorizes that this may be due to the highly publicized Adobe data breach, which spilled login information for more than 130 million Adobe accounts.

Other new entries, such as "princess," are harder to explain. The practice of using common words, though, is old hat: "monkey," "shadow" and "sunshine" all appeared in the top 25, as did "iloveyou" and "letmein."

No password is completely immune from attackers, but Splash Data's list helps to illustrate just how ripe users can make their accounts for exploitation. Lower-case passwords consisting of complete words are easy to guess; passwords made up of digits are even easier, as there are fewer digits than letters. Appending a "1" or a "123" to a common word also does not do much to secure your information.

The best passwords are more than 10 characters long, use uncommon letter-and-number combinations and employ bits of punctuation to further confuse password crackers. Every Internet user should use a different password for each online service he or she employs; otherwise, a hacker who possesses one password can go on to compromise every Internet profile protected by that password.
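The reasoning in the two paragraphs above can be turned into a screening check; this is an added example, not code from the article or from Splash Data. The list holds only the passwords the article names, and the function names and the 60-bit threshold are assumptions chosen for illustration.

```python
import math
import string

# Passwords named in the article (not the full "Worst Passwords" list).
COMMON = {"123456", "password", "12345678", "qwerty", "abc123", "111111",
          "adobe123", "photoshop", "princess", "monkey", "shadow",
          "sunshine", "iloveyou", "letmein"}

# Character pools an exhaustive search has to cover (ASCII only).
POOLS = [string.digits, string.ascii_lowercase,
         string.ascii_uppercase, string.punctuation + " "]

def alphabet_size(pw):
    """Combined size of every pool that pw draws at least one character from."""
    return sum(len(pool) for pool in POOLS if any(c in pool for c in pw))

def brute_force_bits(pw):
    """log2 of the exhaustive search space, length * log2(alphabet).
    This is an upper bound: it only holds if the characters are random."""
    size = alphabet_size(pw)
    return len(pw) * math.log2(size) if size else 0.0

def is_common_variant(pw):
    """True for a listed password, ignoring case and any digits or
    punctuation appended to it (the "1" / "123" habit)."""
    lowered = pw.lower()
    stem = lowered.rstrip(string.digits + string.punctuation)
    return lowered in COMMON or stem in COMMON

def assess(pw, min_bits=60):  # min_bits is an assumed threshold
    if is_common_variant(pw):
        return "reject"       # guessed from a word list, length is irrelevant
    if len(pw) > 10 and brute_force_bits(pw) >= min_bits:
        return "ok"
    return "weak"

if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["123456", "abcdef", "monkey123", "Xk7#pQ2!", "qzvkhwtrplmxnbgd"]:
        print(f"{pw!r:20} {brute_force_bits(pw):5.1f} bits  {assess(pw)}")
```

A six-digit password has a smaller search space than six lower-case letters, and a listed word with digits appended is rejected before the search-space estimate is consulted at all.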

That said, if a company does not adequately encrypt your data, even a good password will not prevent it from falling into the wrong hands in case of a breach.

At that point, your only recourse is to think up a new one. Just make sure it's not the same one that President Skroob used for his luggage in "Spaceballs."

Follow Marshall Honorof @marshallhonorof and on Google+. Follow us @tomsguide, on Facebook and on Google+.

6 comments
  • Arrias
    "The best passwords are more than 10 characters long, use uncommon letter-and-number combinations and employ bits of punctuation to further confuse password crackers." The common but wrong theory. Complexity doesn't mean anything to a computer. Length does. The longer your password, the better.
    0
  • CaedenV
    Quote:
    "The best passwords are more than 10 characters long, use uncommon letter-and-number combinations and employ bits of punctuation to further confuse password crackers." The common but wrong theory. Complexity doesn't mean anything to a computer. Length does. The longer your password, the better.
    Could not agree more. The whole thing about having capitals, symbols and numbers making your password more secure to a normal data breach is entirely bunk and is more to help customers of banks feel safe than it has anything to do with making the bank any safer. In fact, the whole idea that banks and other sites spell out their requirements makes them easier to crack in spite of the extra characters because it is just a list of requirements for a programmer to specify in their code. Having a long, seemingly random, but memorable, password is the most secure way to go. Even if it is all lower case letters.
    0