There’s no doubt about it. Human beings are typically terrible at choosing passwords.
We either choose a password that is easy to guess (the name of our pet hamster, the name of our favourite football team), or one that is easy to crack (dictionary words like “password” or “letmein”), or find ourselves dreaming up one hard-to-crack and impossible-to-guess complex password (“fTKJ5QSAw}jd’~m3X7N” or “foolery-suburb-narcosis-shorts-unbidden-widely”) but make the mistake of reusing it everywhere.
Humans suck at choosing passwords.
And that’s why I recommend that people invest in a password management tool, capable of generating truly random, impossible to guess passwords, and then doing the important job of remembering them for you so you don’t need to reuse them for every site you access.
All you then need to do is remember one complex, hard-to-crack master password and never have to worry about forgetting your email, eBay or Amazon password ever again.
My guess is that although the password manager solution is pretty straightforward, many people are either unaware that it exists, or think (mistakenly) that it will be too hard for them to use. And so they fall back on bad habits.
The fact that we are STILL talking about bad password practices proves that many people still aren’t getting the message, and new research released by SplashData makes clear that there are still many people using very very bad passwords indeed.
SplashData looked at more than two million passwords that have leaked through data breaches in the last year, and compiled a list of the 25 worst passwords.
And remember, it’s not just researchers who know the most commonly used passwords like the back of their hand. Malicious hackers and identity thieves know too.
So, without further ado, here are the worst passwords you could be using:
If you recognize any of those passwords as one of yours – shame on you. Learn your lesson and change your password immediately. Passwords like these are effectively worthless.
You might think you’re clever choosing a password like ‘1qaz2wsx’ (take a close look at your keyboard if you want to know where that one came from) or ‘starwars’ but it’s clear that plenty of people had the same idea as you.
And don’t feel too smug if your password isn’t on this list. The fact is that hackers and password crackers have access to databases of *millions* of the most commonly used passwords – meaning that unless you have taken care creating your password, chances are that it won’t take an enormous effort to crack it.
Here are my tips for better password security:
- Choose passwords or passphrases of a decent length. Over a dozen characters is good, but ideally make it as long as you can. Mix it up with special characters, upper and lower case, and numbers to make it trickier.
- Never share your passwords. Ultimately you can only trust yourself to take good care of them.
- Never have a guessable password. Someone who knows you shouldn’t have any advantage in guessing your password.
- Never ever reuse your passwords. If one site you are a member of gets hacked, you don’t want those same credentials to be able to unlock your other online accounts.
- For goodness' sake, get a password manager. I have over 900 accounts online – it would be impossible for me to remember 900 complex, unique passwords, which means I might be tempted to choose weaker passwords instead or reuse them. Password managers mean I don’t have to dilute my security.
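To show what the advice above looks like when a site enforces it at sign-up, here is an added example (my own illustration, not code from SplashData or from any password manager): a check that rejects short passwords and anything on a leaked-password denylist (including thinly disguised variants like "Starwars2015"), alongside a generator that produces the kind of random password or passphrase a password manager would create. The denylist and wordlist are small constructed samples standing in for the multi-million-entry lists attackers actually use, and the 13-character minimum is an assumed policy taken from "over a dozen characters".

```python
import secrets
import string

# Constructed sample of commonly leaked passwords. A real denylist built from
# breach data runs to millions of entries; this is a stand-in for illustration.
COMMON_PASSWORDS = {
    "password", "letmein", "123456", "qwerty", "1qaz2wsx", "starwars",
}

# Constructed sample wordlist for passphrase generation (assumed, not a
# standard list); a real one would contain thousands of words.
WORDLIST = [
    "foolery", "suburb", "narcosis", "shorts", "unbidden", "widely",
    "hamster", "lantern", "granite", "velvet", "orbit", "plaster",
]

# Assumed policy: "over a dozen characters".
MIN_LENGTH = 13


def is_weak_password(candidate: str, denylist=COMMON_PASSWORDS) -> bool:
    """Return True if the password is on the denylist or too short.

    Matching is case-insensitive and also ignores trailing digits and
    symbols, so 'Password1' and 'letmein!' are treated as the same bad
    guess an attacker's wordlist would try first.
    """
    lowered = candidate.lower()
    if lowered in denylist:
        return True
    stripped = lowered.rstrip(string.digits + string.punctuation)
    if stripped in denylist:
        return True
    return len(candidate) < MIN_LENGTH


def generate_password(length: int = 20) -> str:
    """Random password from letters, digits and symbols via the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def generate_passphrase(wordlist=WORDLIST, words: int = 6, sep: str = "-") -> str:
    """Random passphrase in the 'foolery-suburb-narcosis-...' style."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))
```

Both generators use the `secrets` module rather than `random`, because the latter is not suitable for anything security-related.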