A complex and robust password is the first step towards a
safer online presence, but some people straight up ignore this simple rule and choose
the worst possible password. The weakest passwords, at least, are remarkably
consistent from year to year, according to information provided by SplashData.
The user name and password for login are one of the links
in the security chain. As it happens, it’s also one of the most insecure links
because it’s inexorably linked to the human element. If you let people choose
passwords, sometimes they will make the worst possible choices, perhaps even thinking
that they’re original.
Fortunately, online services force people to get more
complex passwords, but that’s usually reserved for new users. Unless something
happens, like a data breach, for example, people will use the same password
they had 10 years ago.
What’s equally impressive is that the list of weak
passwords remains pretty much the same each year with very few variations. The
list provided by SplashData is comprehensive and covers the most 100 used
passwords.
The first place, as usual, is occupied by “123456,” but
many online services now require longer passwords. So, we find “123456789” in second
place. People also seem to enjoy “qwerty” and “password.”
The list also contains “iloveyou”, “111111”, and the
uncrackable “qwertyuiop”. The rest of the list are variations and combinations
between these, with a few exceptions for names. Interestingly enough, in 39th
place we find “!@#$%^&*” which are all the symbols from the number keys.
When hackers try to use brute force to gain access to an
account, they don’t just try random passwords. They usually try these versions
first, with the hopes that the user was lazy or uninformed. But when your
password is “passw0rd” but with one letter changed to a number, the hacker’s
job is 10 times easier.