SplashData reveals 2011's 25 worst passwordsReaffirming a smaller study released earlier this year, SplashData has published a list of this year's 25 worst passwords. We've seen countless security breaches this year and in many of those cases, the hackers released the stolen data online. SplashData has used that information to compile its list. Although some of the swiped passwords were shamelessly stored in plaintext, most were encrypted. In other words, for the following passwords to even make it on the top 25 list, they must have been cracked. That just further illustrates how worthless they are:
|1. password||6. monkey||11. baseball||16. ashley||21. 654321|
|2. 123456||7. 1234567||12. 111111||17. bailey||22. superman|
|3. 12345678||8. letmein||13. iloveyou||18. passw0rd||23. qazwsx|
|4. qwerty||9. trustno1||14. master||19. shadow||24. michael|
|5. abc123||10. dragon||15. sunshine||20. 123123||25. football|
"Hackers can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft," said SplashData CEO Morgan Slain. "What you don't want is a password that is easily guessable. If you have a password that is short or common or a word in the dictionary, it's like leaving your door open for identity thieves." With attackers on the prowl this holiday season, it's a great time to secure your accounts.
In a completely anecdotal side note, I feel compelled to mention that it seems some people are lured into a false sense of invincibility online. Perhaps it's because of the Web's relative anonymity, their general misunderstanding of the technology, or both. Many of the same individuals would cling to symbols of real world security -- be that an easily bypassed $10 door lock or forfeiting civil liberties to travel. Point being: it's odd that many people don't take advantage of free and easy security measures online, but they'll go to great lengths for lackluster security measures in the real world.