‘123456’ Beats ‘Password’ As Most-Used Password

After years of lecturing, users may be improving their security practices – but not by much. The pathetic “password” is no longer the most popular password on the net. It’s been displaced by the ludicrous “123456”.

The list is compiled each year by mobile software firm SplashData by going through the passwords exposed in data breaches during the year and compiling the most popular. For SplashData “most popular” is the same as “worst” since overused passwords will be easy to guess, but in all honesty, all the passwords on the list are pretty much useless. The goal is to encourage people to use passwords that are more difficult for hackers to crack, according to SpashData officials.

List of shame

“As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites,” CEO Morgan Slain said in a statement.

The 25 passwords on the list of the worst of 2013, released 21 January, are examples of what users should not do, according to SplashData. Many are easily guessable – think “qwerty” at number four, “iloveyou” at number 9 or “admin,” a new word on the list, at number 12. There are also several passwords that use a small number of numerals, from “111111” at number seven, “1234” at 16, “12345” at 20 and “000000” at 25.

A couple of the passwords new on the list stem from the security breach last year at Adobe, where personal information for up to as many as 2.9 million of the company’s customers was compromised. Popping up on SplashData’s list were “adobe123” at number 10 and “photoshop” at number 15.

“Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” Slain said.

The company’s entire list can be found on its Website.

Ongoing Problem

Security firms and tech vendors alike for years have warned computer users about the need for strong passwords to guard against attackers gaining access to personal information. Data breaches are not uncommon, and cyber-thieves have tools that can quickly break simple and weak passwords. Researchers at Microsoft and Carnegie Mellon in December unveiled a tool called Telepathwords, which models the ways cyber-criminals try to figure out passwords based on common patterns.

Telepathwords was created in hopes of encouraging users to opt for stronger passwords.

McAfee, Intel’s security division, last year rolled out a list of suggestions for creating strong passwords. Among the suggestions were using long passwords that feature a combination of upper-case and lower-case letters, as well as numbers, spaces and other characters. The longer the password, the better. In addition, McAfee – as well as most security experts – say users should use different passwords for each Internet site they get into.

Originally published on eWeek.