'123456' Overtakes 'Password' as Weakest Password

By Jeffrey Burt Print this article Print

The good news? The word "password" is not the weakest password found on the Internet. The bad news? It's still number two, and the top one is "123456."

That's according to SplashData, a company that makes software for mobile phones and has been keeping the list for at least three years. The company compiles the annual list by going through the passwords exposed in data breaches during the year and culling out the most popular.

The goal is to encourage people to use passwords that are more difficult for hackers to crack, according to SpashData officials.

"As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites," CEO Morgan Slain said in a statement.

The 25 passwords on the list of the worst of 2013, released Jan. 21, are examples of what users should not do, according to SplashData. Many are easily guessable—think "qwerty" at number four, "iloveyou" at number 9 or "admin," a new word on the list, at number 12. There are also several passwords that use a small number of numerals, from "111111" at number seven, "1234" at 16, "12345" at 20 and "000000" at 25.

A couple of the passwords new on the list stem from the security breach last year at Adobe, where personal information for up to as many as 2.9 million of the company's customers was compromised. Popping up on SplashData's list were "adobe123" at number 10 and "photoshop" at number 15.

"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," Slain said.

The company's entire list can be found on its Website.

Security firms and tech vendors alike for years have warned computer users about the need for strong passwords to guard against attackers gaining access to personal information. Data breaches are not uncommon, and cyber-thieves have tools that can quickly break simple and weak passwords. Researchers at Microsoft and Carnegie Mellon in December unveiled a tool called Telepathwords, which models the ways cyber-criminals try to figure out passwords based on common patterns.

Telepathwords was created in hopes of encouraging users to opt for stronger passwords.

McAfee, Intel's security division, last year rolled out a list of suggestions for creating strong passwords. Among the suggestions were using long passwords that feature a combination of upper-case and lower-case letters, as well as numbers, spaces and other characters. The longer the password, the better. In addition, McAfee—as well as most security experts—say users should use different passwords for each Internet site they get into.

This article was originally published on 2014-01-22
Originally published on www.eweek.com.