An annual study of the most commonly used passwords has found that password, 123456 and 12345678 are still the most commonly used passwords – despite years of security experts urging people to change them to more secure versions.
“Just in time for Halloween comes something that might scare anyone who spends a lot of time online: SplashData’s annual list of the most common passwords used on the Internet and posted by hackers,” the researchers said.
“Users of any of these passwords are the most likely to be victims in future breaches.”
The latest list comes following 12 months of high profile hacks that have revealed user passwords.
Yahoo, LinkedIn, eHarmony, and Last.fm have all suffered major breaches.
However, some people have updated their passwords, and the research found new entries to this year’s list include “welcome”, “jesus”, “ninja” ,”mustang” and “password1”.
The firm behind the study, SplashData, warned users to change their password.
“At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password,” said Morgan Slain, SplashData CEO.
“We’re hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”
SplashData’s top 25 list was compiled from files containing millions of stolen passwords posted online by hackers.
The company advises consumers or businesses using any of the passwords on the list to change them immediately.
“Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets,” Morgan Slain said.
“Just a little bit more effort in choosing better passwords will go a long way toward making you safer online.”
HOW TO CHOOSE A SAFE PASSWORD
SplashData suggests making passwords more secure with these tips:
• Use passwords of eight characters or more with mixed types of characters.
• For example, “eat cake at 8!” or “car_park_city?”
• Avoid using the same username/password combination for multiple websites.
• Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services.
MOST COMMON PASSWORDS
The Worst Passwords of 2012, including their current ranking and any changes from the 2011 list:
1. password (Unchanged)
2, 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)
Source: SplashData
