The 10 Worst Passwords Of 2013
Use A Password Management Tool
You no longer have to be a security geek to use a password management tool, experts say. Password management tools have matured and contain a wide variety of capabilities to take the strain off of accessing a bank account, website or service with a strong password. Many programs use strong encryption and contain syncing features between devices, and they are also getting better at integrating with popular browsers. They often provide a random password generator to take the pressure of creating a strong password off the user.
Yet with all of those available tools, an analysis of a wide variety of password breaches over the last several years showed substantial use of weak passwords, according to SplashData, the maker of the SplashID password management application, which recently issued its annual analysis of password use.
Still dead set against setting up and maintaining a management tool? Use this list of the 10 worst passwords of 2013 to avoid a common password pitfall.
10. Adobe123
The fallout of the Adobe Systems breach resulted in the emergence of Adobe123 as the No. 10 worst password, according to SplashData. People should never base the password on the website or application that they are accessing, said SplashData CEO Morgan Slain.
Another password that frequently came up was "photoshop," SplashData said. Adobe acknowledged in October that attackers stole the personal data on 2.9 million people, including customer names, encrypted credit and debit card numbers, expiration dates and account data. The breach also resulted in the exposure of source code.
9. iloveyou
The password "iloveyou" was up two spots to No. 9 in SplashData's annual analysis. Security experts advise that common phrases should be avoided as passwords.
Other popular passwords in 2013 included "monkey," "sunshine," "princess" and "shadow." Don't use single dictionary phrases, experts say. They'll be easily cracked.
8. 1234567
The use of the password "1234567" increased substantially in 2013, likely because of an attempt by some websites to boost security by requiring users to maintain a minimum of seven characters in a password. Security experts tell CRN that businesses need to also add other minimum requirements to boost security. One expert said e-commerce sites often forgo additional password requirements because they want to register as many users as possible and are cautious about impeding the user experience.
7. 111111
Websites that don't have many repeat visitors but require a password often have a low bar for passwords. In this case, a string of six ones, or 111111, is all that was needed to set up an account. This password increased slightly in 2013, according to SplashData's analysis.
A recent review of the password security of the Top 100 e-commerce sites by password management tool Dashlane found that 55 percent of them still accept notoriously weak passwords such as "123456."
6. 123456789
A new entry is a string of nine ordered numbers, or 123456789, SplashData said. The analysis said some of the new passwords could have come from the Adobe breach. A recent analysis by security vendor Avast of malware designed to steal the identities of a Russian social network found that about 4 percent of users have strictly numerical passwords, mostly 7 or 11 characters long.
5. abc123
The No. 1 single "ABC" by the Jackson 5 debuted in 1970, and while it was one of the band's signature songs, it's best to avoid it at all cost as a password: "abc123" was the No. 5 worst password, according to SplashData.
4. qwerty
The first row of letters on the keyboard is a tempting password for about 10 percent of users, according to Avast's analysis. SplashData said use of the password increased slightly in 2013. Qwerty has long been identified by security experts as a really bad choice for a password.
3. 12345678
The use of this string of ordered numbers, like 12345678, could signify an online account with a firm that requires at least eight characters. Security firm Avast said password cracking programs have these strings of numbers preloaded to quickly crack a user's passphrase.
2. password
The use of the password "password" declined slightly in 2013, but users continue to set up accounts using the word. Security vendor Kaspersky Lab said "password," "keepout," "letmein" and "stayaway" may be cute, but they will likely be cracked by cybercriminals in less than 30 seconds. "Remember, when it comes to creating passwords, simplicity is bad, and complexity is your friend," the firm said.
Adding a simple number or symbol into a simple word like "password" will not increase its effectiveness, Kaspersky Lab said. It's too predictable.
1. 123456
The worst password of 2013 was 123456, according to SplashData's analysis. The firm said the successive numbers were runner-up for two years in a row behind "password." SplashData noted that it found more numerical passwords in 2013 than in previous years.
Much like the password "qwerty," about 10 percent of users rely on a successive string of numbers, according to the Avast research. The firm said that 44 percent of users have accounts susceptible to brute force attacks because they are using a successive string of numbers, names and common combinations, and birthdates. Phone numbers are not a good idea either, Avast said.
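For sites that set password rules, the patterns in this list (a length-only minimum, site-based names, ordered or repeated digits, keyboard rows, and a common word with a number tacked on) can be screened at registration. The following is an added example, not code from SplashData, Avast, Kaspersky Lab or Dashlane; the function names and the small blocklist, built from the passwords named in this article, are assumptions for illustration.

```python
import re

# Passwords named in the article (a constructed, tiny blocklist; a real
# deployment would load a much larger list of breached passwords).
BLOCKLIST = {
    "123456", "password", "12345678", "qwerty", "abc123", "123456789",
    "111111", "1234567", "iloveyou", "adobe123", "photoshop", "monkey",
    "sunshine", "princess", "shadow", "keepout", "letmein", "stayaway",
}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_sequence(s):
    """True if each character is exactly one code point above (or below) the last."""
    if len(s) < 3:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return steps in ({1}, {-1})


def weak_reasons(password, site_names=(), min_length=8):
    """Return the reasons a password should be rejected (empty list = accepted)."""
    pw = password.lower()
    reasons = []
    if len(pw) < min_length:
        reasons.append("too short")
    if pw in BLOCKLIST:
        reasons.append("known common password")
    if any(name.lower() in pw for name in site_names):
        reasons.append("based on site or product name")
    if pw.isdigit():
        reasons.append("digits only")
    if is_sequence(pw):
        reasons.append("ordered sequence")
    if len(set(pw)) == 1:
        reasons.append("single repeated character")
    if len(pw) >= 4 and any(pw in row for row in KEYBOARD_ROWS):
        reasons.append("keyboard row")
    # A blocklisted word with digits or symbols appended is still predictable.
    core = re.sub(r"[\d\W_]+$", "", pw)
    if core != pw and core in BLOCKLIST:
        reasons.append("common word plus suffix")
    return reasons
```

A password such as "12345678" satisfies an eight-character minimum yet is still rejected here, which is the gap a length-only rule leaves open.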