If you think "123456" is a good password for online accounts, think again. The number sequence has once again ranked at the top of SplashData's Worst Passwords List.
The 2015 edition of the annual list saw 123456 unmoved in the top spot of most insecure passwords, followed by "password", which was unchanged in the number two spot.
SplashData's fifth annual report was compiled from more than two million leaked passwords during 2015. The aim of the list is to highlight the habits of Internet users and demonstrate how people's choices for passwords remain consistently risky.
The 2015 list saw some new and longer passwords make their debut, including "1234567890" and "1qaz2wsx" - which is the first two columns of main keys on a standard keyboard. The password "qwerty" (the first six letters on the top row of keys on a standard keyboard) moved one spot up to fourth place and was for the first time joined by a longer version "qwertyuiop" (the entire top row of keys on a standard keyboard).
SplashData says the use of longer passwords perhaps shows an effort by both Web sites and users to be more secure; however, it points out that many of the new addition longer passwords "are so simple as to make their extra length virtually worthless as a security measure".
"We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns, they will put you in just as much risk of having your identity stolen by hackers," says Morgan Slain, CEO of SplashData.
SplashData, a provider of password management applications, says the passwords evaluated for the 2015 list were mostly held by users in North America and Western Europe.
"The Worst Passwords List shows many people continue to put themselves at risk for hacking and identity theft by using weak, easily guessable passwords."
As in past years' lists, simple numerical passwords remain common, with six of the top 10 passwords on the 2015 list comprised of numbers only.
Sports names also remain popular password options. While baseball may be America's pastime, "football" has overtaken it as a popular password. Both appear in the top 10 of the list, with "football" climbing three spots to number seven and "baseball" dropping two spots to number 10.
Excitement over the release of the latest Star Wars movie - "Star Wars: The Force Awakens" ? saw new entries into the 2015 list, including "starwars", "solo" and "princess". Other new additions that did not appear on the 2014 list include "welcome", "login" and "passw0rd".
"As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different Web sites," notes Slain.
SplashData's advice is to use passwords or passphrases of 12 characters or more, with mixed types of characters, and avoid using the same password over and over again on different sites.
Here is the full list of passwords to avoid:
1. 123456 (unchanged from 2014)
2. password (unchanged)
3. 12345678 (up one)
4. qwerty (up one)
5. 12345 (down two)
6. 123456789 (unchanged)
7. football (up three)
8. 1234 (down one)
9. 1234567 (up two)
10. baseball (down two)
11. welcome (new)
12. 1234567890 (new)
13. abc123 (up one)
14. 111111 (up one)
15. 1qaz2wsx (new)
16. dragon (down seven)
17. master (up two)
18. monkey (down six)
19. letmein (down six)
20. login (new)
21. princess (new)
22. qwertyuiop (new)
23. solo (new)
24. passw0rd (new)
25. starwars (new)
Share