Security Advisor

Bad Passwords Won't Die

Why even use a password if you're just going to use easily guessable entries?

SplashData is once again back for the next installment of its annual horror franchise, featuring the 25 worst passwords of the year.

And, just as predictable as this year's installment of the Paranormal Activity series arriving just in time for Halloween, the top three spots continue to be "password," "123456" and "12345678."

In revealing just how bad the majority of passwords are, SplashData wants to snap the public out of apathy (and wants to advertise its own line of password management tools) to make changes that actually make password protection worth the effort.

"At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password," said Morgan Slain, SplashData CEO. "We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different Web sites."

To see if you are one of the offending password users, here's the complete list: password, 123456, 12345678, abc123, qwerty, monkey, letmein, dragon, 111111, baseball, iloveyou, trustno1, 1234567, sunshine, master, 123123, welcome, shadow, ashley, football, jesus, michael, ninja, mustang and password1.

SplashData prescribes the usual password-strengthening advice: use easy-to-remember phrases, separate words with symbols, use more than 8 characters and make sure that you aren't using the same password for multiple Web sites.
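For administrators who want to enforce the list and the length advice when a password is set, here is one way to do it, added as an example and not taken from SplashData or this column. The look-alike table, the function names and the sample inputs are assumptions made for illustration; the check also catches light disguises of a listed password, such as trailing digits or swapped characters.

```python
import string

# The 25 passwords listed in the article.
WORST_PASSWORDS = frozenset(
    "password 123456 12345678 abc123 qwerty monkey letmein dragon 111111 "
    "baseball iloveyou trustno1 1234567 sunshine master 123123 welcome "
    "shadow ashley football jesus michael ninja mustang password1".split()
)

# Assumption: a small, non-exhaustive table of look-alike substitutions.
LOOKALIKES = str.maketrans(
    {"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
     "@": "a", "$": "s", "!": "i"}
)

MIN_LENGTH = 9  # the article's "more than 8 characters"


def variants(password):
    """Return the normalised forms of a candidate to compare with the list."""
    base = password.casefold()
    forms = {
        base,
        base.rstrip(string.punctuation),                  # "dragon!!" -> "dragon"
        base.rstrip(string.digits + string.punctuation),  # "monkey2012!" -> "monkey"
    }
    # Undo look-alike substitutions on every form: "p@ssw0rd" -> "password".
    forms |= {form.translate(LOOKALIKES) for form in forms}
    return forms


def check_password(password):
    """Return a list of problems; an empty list means both checks passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    hits = sorted(variants(password) & WORST_PASSWORDS)
    if hits:
        problems.append("variant of listed password: " + hits[0])
    return problems


# Constructed sample inputs, not real credentials.
if __name__ == "__main__":
    for sample in ("P@ssw0rd", "Monkey2012!", "trustno1", "lamp+river+tuesday"):
        print(sample, "->", check_password(sample) or "accepted")
```

A check like this runs on one site only, so it cannot see whether the same password is reused elsewhere.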

With the inclusion of new password features in Windows 8, I wonder if the act of drawing a smiley face on a picture of your child will make next year's cut.

Are you a password offender? Do you follow the same secure password best practices that you expect from others on your network? Let me know at cpaoli@1105media.com.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.


Reader Comments:

Mon, Nov 26, 2012 JoeZeppy Pittsburgh

There's an app called caffeine that inputs a keyboard character every 2 minutes to make your PC think you are using it; it keeps your screen unlocked forever. Typical security bs, make your rules so onerous that users find workarounds that are more unsafe than if you just left things alone.

Thu, Nov 1, 2012 Ed MD

What I suggest to our people is to use a sentence like: mydogFid0,has4coldnose! Easy to remember and could easily be modified to relate to the system or website on which it is used. The problem I run into is limitations on password length. Only 8 characters for the bank? Give me a break!

Thu, Nov 1, 2012 John PA

I have at least 10 passwords to maintain at work and each one has different rules and limitations on their creation. You better bet that I've figured out how to reuse the same one with minor mods for over a year before I need to make a major change. Who are we fooling? I now live with a 5-minute locked screen saver rule. Now I've got to figure out how to beat that. I should be spending my time on productive work.
