Password manager software developer SplashData has published its annual list of the top 100 worst passwords used during the year. The list is compiled based on how frequently the passwords showed up in a list of over five million passwords found in data breaches.
While the usual suspects, like “password,” make an appearance, but so do some unexpected choices, like “banana” and “dragon.”
“Our hope by publishing this list each year is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off,” SplashData CEO Morgan Slain said in a press statement. “We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns.”
The top 25 bad passwords are:
- 123456
- 123456789
- qwerty
- password
- 1234567
- 12345678
- 12345
- iloveyou
- 111111
- 123123
- abc123
- qwerty123
- 1q2w3e4r
- admin
- qwertyuiop
- 654321
- 555555
- lovely
- 7777777
- welcome
- 888888
- princess
- dragon
- password1
- 123qwe
To see the full list of the top 100 worst passwords, click here.
If you’d like to avoid your passwords making the list next year, Norton Security suggests you do the following:
Do not use personal information
Don’t use your name or names of family members or pets in your passwords. Don’t use numbers like your address, phone number, or birthdays, either. These can be publicly available, on forms you fill out or on social media profiles, and easily accessible to hackers.
Do not use real words
Password cracking tools are very effective at helping attackers guess your password. These programs can process every word in the dictionary, plus letter and number combinations, until a match is found. Steer clear of using real words from the dictionary or proper nouns or names.
Instead, use special characters. By combining uppercase and lowercase letters with numbers and special characters, such as “&” or “$,” you can increase the complexity of your password and help decrease the chances of someone potentially hacking into your account.
Create longer passwords
The longer the password, the harder it may be to crack. Try for a minimum of 10 characters.
Modify easy-to-remember phrases
One tip is to think of a passphrase, like a line from a song, and then use the first letter from each word, substituting numbers for some of the letters. For example: “100 Bottles of Beer on the Wall” could become “10oBb0tW”.
Don’t write them down
Resist the temptation to hide passwords under your keyboard or to post them on your monitor. Stories about hackers getting passwords by rummaging through trash, also known as dumpster-diving, are absolutely real.
When you type your password in a public setting, make sure no one is watching or looking over your shoulder.
One way to store and remember passwords securely is to use a tool that keeps your list of usernames and passwords in encrypted form. Some of these tools, called password managers, will even help by automatically filling in the information for you on some websites.
Change passwords on a regular basis
Passwords for your online financial accounts should be changed every month or two. Computer login passwords should be changed at least once a quarter. Using the same password for longer periods could put your information at risk if a data breach occurs.
Use different passwords on different accounts
Don’t use the same password on more than one account. If a hacker cracks it, then all of the information protected by that password on other accounts could also be compromised. Use a password generator, like Norton Identity Safe, to help create unique and strong passwords.
Do not type passwords on devices or networks you do not control
Never enter your password on another person’s computer. It could be stored without your knowledge.
When using your devices on public Wi-Fi, you should avoid visiting websites that require you to log in to your account, such as online banking or shopping. When you’re on an unsecured public network, your unencrypted data could be intercepted by a nearby hacker. To protect yourself from these threats, you should always use a virtual private network (VPN), like Norton Secure VPN, when on a public Wi-Fi connection.
Also, Norton suggests users make use of two-factor authentication.
Two-factor authentication, or 2FA, is a method of verifying your identity that adds a second layer of security to your account password. Types of two-factor authentication can include any of the following:
- Something you know: a PIN number, password, or pattern
- Something you have: an ATM or credit card, mobile phone, or security token
- Something you are: a biometric form of authentication, such as your fingerprint, your voice, or your face
