You would think that with the cost of ID theft to U.S. consumers topping $6 billion annually, people would stop using ridiculously easy-to-guess passwords. But new data suggests there has been little, if any, improvement in consumers' password choices in the last year.
The latest list of the top 25 passwords from password security firm SplashData shows that the dumbest passwords imaginable are still the most popular around: "123456" and "password" top the list, as they did last year, with lots of combinations of consecutive numbers helping to round out the top 10.
New entries in the list include "welcome," "passw0rd," and "login." Another new entry on the list: "starwars," a password even easier to discover than the weak point on a planet-destroying space station ("princess" also made a comeback). The company gathers the passwords by analyzing login data leaked in data breaches; this time it poured through 2 million passwords to come up with the list.
Keyboard patterns more obvious than people think
In 2015, more Internet users tried to outsmart thieves by selecting patterns of keys on their keyboards such as "qwertyuiop," the top line of letters on a standard keyboard. But that's not likely to work, what with many, many others doing the same thing.
"We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers," says Morgan Slain, CEO of SplashData. "As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites."
Here's the entire top 25, and it goes without saying that if you're using any of the passwords below to access online banking, stop reading and go change it immediately.
Top 25 bad passwords
|Rank||Password||Change from 2014|
What makes a good password?
Is your bad password on this list? Struggling to figure out what makes a good password? Here's Splashdata's advice:
- Use words or phrases that have at least 12 characters. Include letters, numbers and punctuation.
- Don't use the same password on multiple websites.
- Use a password manager to protect passwords or generate random ones.