SplashData last month revealed its annual list of the most commonly used passwords and they remain shockingly poor. The data is compiled from over 3.3 million passwords leaked in 2014 from the US and Western Europe. What's particularly worrying is that the two most common passwords, '123456' and 'password', have topped the list again, retaining their top spots from previous years.
Unsurprisingly, the top 100 leaked passwords are an excellent guide to password 'no-nos'. Purely numerical passwords, particularly those in sequential order, continue to make up a number of the top spots on the list, alongside simple terms like 'baseball' and other sports and their teams. And in disappointing news for Spider-Man fans around the world, 'Batman' is the latest superhero-based password to make the list, joining his old pal Superman in the top 25. Sorry web-slingers, not only do people prefer the Dark Knight's films - but they trust him to defend their internet security too.
Morgan Slain, CEO of SplashData said:
"Passwords based on simple patterns on your keyboard remain popular despite how weak they are. Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure."
Most people would be familiar with 'qwerty' based passwords, but now '1qaz2wsx' (try typing it) has grown in popularity with the number requirement imposed by many sites. My other favourite pseudo-intelligent passwords from this year include 'letmein' and 'trustno1'. I find it hard to not smile at those passwords, but internet security should be no laughing matter. And passwords are getting beyond a joke now.
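As an added example (not code from SplashData or Ensygnia), here is a Python sketch of a signup check that shows why '1qaz2wsx' satisfies a letters-and-numbers rule yet is still caught as a keyboard pattern. The key grid is a simplified QWERTY layout, the function names are hypothetical, and the deny list holds only the passwords named in this article.

```python
# Added example: simplified QWERTY grid (physical key stagger ignored).
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl;", "zxcvbnm,./"]
POS = {ch: (r, c) for r, row in enumerate(ROWS) for c, ch in enumerate(row)}

# Only the passwords this article names from the 2014 list.
NAMED_IN_ARTICLE = {"123456", "password", "baseball", "batman", "superman",
                    "qwerty", "1qaz2wsx", "letmein", "trustno1"}

def meets_composition_rule(pw):
    """The common site rule: 8+ characters with a letter and a digit."""
    return (len(pw) >= 8 and any(c.isalpha() for c in pw)
            and any(c.isdigit() for c in pw))

def is_numeric_only(pw):
    return pw.isdigit()

def _adjacent(a, b):
    pa, pb = POS.get(a), POS.get(b)
    if pa is None or pb is None:
        return False  # characters off the grid always break a run
    return abs(pa[0] - pb[0]) <= 1 and abs(pa[1] - pb[1]) <= 1

def keyboard_runs(pw):
    """Split pw into maximal runs of neighbouring keys; return run lengths."""
    pw = pw.lower()
    runs, length = [], 1
    for prev, cur in zip(pw, pw[1:]):
        if _adjacent(prev, cur):
            length += 1
        else:
            runs.append(length)
            length = 1
    runs.append(length)
    return runs

def is_keyboard_pattern(pw, min_run=3):
    """True when the whole password is made of keyboard walks."""
    return len(pw) >= min_run and all(n >= min_run for n in keyboard_runs(pw))

def rejection_reasons(pw):
    reasons = []
    if pw.lower() in NAMED_IN_ARTICLE:
        reasons.append("common")
    if is_numeric_only(pw):
        reasons.append("numeric-only")
    if is_keyboard_pattern(pw):
        reasons.append("keyboard-pattern")
    return reasons
```

The pattern check also flags walks that are not on any list, such as the constructed sample 'zaq12wsx', which a deny list alone would miss.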
No security system is ever going to be flawless, but password security is too weak. All too often passwords have been the vulnerability exploited in some of the biggest breaches of last year. Here at Ensygnia we envision a future without passwords. The best security solutions are encrypted, tokenised and remove human error, without compromising convenience and ease. Find out more about Ensygnia's approach to security here and our take on login and registration.
By Matthew Taylor 6th February 2015