The 25 worst Internet passwords of 2011

Computer users have long been warned against using their personal details like phone numbers or birthdays as passwords, but they may not be the worst if new data from password management application provider SplashData is any indication. If you’re one of those people who thought it was clever to use “password” as your password, it’s time to wisen up and make a change, the firm says. Simply switching the “o” to a zero to make it “passw0rd”? Not much better. Both are on the list of the 25 most common passwords used on the Internet this year, according to SplashData.

Other common passwords include simple numerical choices like “123456,” common names like “ashley” and “michael,” and patterns based on the layout of the keyboard like “qwerty” and “qazwsx.” There are also some minor mysteries, like the unusual popularity of “monkey” and “shadow.” With an increasing number of sites requiring more complex passwords, some letter and number combinations like “abc123″ and “trustno1″ are being used more often.

In an effort to encourage adoption of stronger passwords, SplashData released its “25 Worst Passwords of the Year” list for 2011. According to SplashData, the most common passwords on the web are:

• password
• 123456
• 12345678
• qwerty
• abc123
• monkey
• 1234567
• letmein
• trustno1
• dragon
• baseball
• 111111
• iloveyou
• master
• sunshine
• ashley
• bailey
• passw0rd
• shadow
• 123123
• 654321
• superman
• qazwsx
• michael
• football

SplashData’s top 25 list was compiled from files containing millions of stolen passwords posted online by hackers, according to CEO Morgan Slain. He advised that if consumers or businesses are using any of the passwords in the list, their passwords should be changed immediately.

“Hackers,” Slain said, “can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft,” Slain said. “What you don’t want is a password that is easily guessable. If you have a password that is short or common or a word in the dictionary, it’s like leaving your door open for identity thieves.”

Even though thieves have more sophisticated hacking tools at their disposal today than ever before, they still tend to prefer easy targets, Slain said. “Just a little bit more sophistication in choosing passwords will go a long way toward making you safer online.”

SplashData suggests making passwords more secure with these tips:

• Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, “eat cake at 8!” or “car_park_city?”
• Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for.
• Having trouble remembering all those different passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites. There are numerous applications available, including SplashData’s own.

Print