SplashData reveals worst passwords of 2013

Read time 2min 10sec
SplashData says users continue to put themselves at risk by choosing weak passwords.
SplashData says users continue to put themselves at risk by choosing weak passwords.

Password management company SplashData has released its list of the 25 worst passwords of 2013, in a bid to prevent users adopting what it describes as "weak and easily guessable" choices.

The list is compiled from stolen passwords leaked online over the past year and these are ranked in order of how frequently Internet users choose them.

For the first time since SplashData started compiling the list, "password" dropped from first place and was replaced by "123456" as the most common password chosen by millions of users.

Other choices in the top 10 include "qwerty", "abc123" and "iloveyou".

Adobe breach

SplashData says its 2013 list was influenced by the Adobe security breach last year, when hackers stole and published millions of passwords.

CEO Morgan Slain warns users to avoid passwords that relate to applications being accessed. "Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the Web site or application you are accessing.

"Another interesting aspect of this year's list is that more short numerical passwords showed up even though Web sites are starting to enforce stronger password policies," adds Slain.

Local organisations need to learn from Adobe's experience, according to SA Centre for Information Security CEO Beza Belayneh. "A big weakness is what we call a governance gap. Some businesses are not aware of the liability posed by a security breach."

Belayneh says some organisations do not understand security risks enough to implement the strongest possible means of protection. "Information is the biggest asset in any organisation, regardless of the sector, and valuable intellectual property is compromised when companies are hacked."

Belayneh says alternative practices for cyber safety include password phrases, biometric authentication using fingerprints, and security dongles which grant the user access control.

He adds that building a cyber security culture in business should involve company management as much as IT personnel.

The full SplashData list of worst passwords:

(1) 123456
(2) password
(3) 12345678
(4) qwerty
(5) abc123
(6) 123456789
(7) 111111
(8) 1234567
(9) iloveyou
(10) adobe123
(11) 123123
(12) admin
(13) 1234567890
(14) letmein
(15) photoshop
(16) 1234
(17) monkey
(18) shadow
(19) sunshine
(20) 12345
(21) password1
(22) princess
(23) azerty
(24) trustno1
(25) 000000

Login with