By using passwords that are short and easy to remember, users risk their accounts being compromised and their identities stolen. Nonetheless, security experts never cease to astonish us when they release research on the quality of the average password.
Accordingly, SplashData, maker of a password manager utility, has recently released a list of 25 passwords that illustrates how bad users are at choosing them.
How Was the List of Worst Passwords Compiled?
The answer is quite simple – SplashData analysts made their list by measuring the most common passwords in a pile of over 2 million passwords that leaked throughout 2015.
N.B. The 2 million passwords used in the research are taken from published lists of leaked passwords from various websites and data breaches. Also, keep in mind that a SplashData spokesman has said that the company tried to exclude passwords from adult websites. This is his statement:
Those [adult website passwords] tend to be over-weighted in leaks, and the kinds of passwords people use on adult sites tend to be different from passwords they use on other sites (i.e., a lot more naughty!).
The stunning thing is that the 2015 list doesn’t differ much from the lists SplashData has made in previous years. For instance, the two most common passwords that usually top the ‘worst’ lists, 123456 and password, still hold positions 1 and 2.
Now, the question is: should we be stunned or deeply concerned? Do users pay attention to any information security news, or do they simply ignore titles about data breaches and PII leaks?
Without further ado, here is the list of SplashData’s worst 25 passwords for 2015:
Despite the prevalence and recurrence of badly crafted passwords, researchers have observed that some users are willing to try making their passwords more complex. Nonetheless, a more ‘creative’ password doesn’t necessarily mean a safer one, as pointed out by SplashData’s CEO Morgan Slain:
We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers.
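The point Slain makes above, that a longer password built on a simple pattern is still weak, is something a registration form or a password audit can check for mechanically. The following is an added example written for this article, not SplashData's code or any product's; the blocklist is a constructed handful of entries (only 123456 and password come from the article) standing in for a real leaked-password list, and the 12-character minimum is an assumed policy value.

```python
import re

# Constructed stand-in for a leaked-password blocklist. A real deployment would
# load the full published lists; only "123456" and "password" are from the article.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "abc123", "letmein", "welcome"}

KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 12  # assumed policy value, not from the article


def _is_sequence(s):
    """True if every character is the previous one plus or minus one (123456, abcdef, fedcba)."""
    if len(s) < 4:
        return False
    diffs = {ord(b) - ord(a) for a, b in zip(s, s[1:])}
    return diffs in ({1}, {-1})


def _is_keyboard_walk(s):
    """True if s is a contiguous run along one QWERTY row, forwards or backwards."""
    if len(s) < 4:
        return False
    return any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def _is_repeated_token(s):
    """True if s is a short token repeated to pad out the length (passpasspass)."""
    for n in range(1, len(s) // 2 + 1):
        if len(s) % n == 0 and s[:n] * (len(s) // n) == s:
            return True
    return False


def weaknesses(password):
    """Return the list of reasons a password is weak; an empty list means no pattern was found."""
    reasons = []
    lowered = password.lower()
    # Strip a trailing run of digits/symbols so "password1!" is still caught as "password".
    core = re.sub(r"[\d\W_]+$", "", lowered)
    if lowered in COMMON_PASSWORDS or core in COMMON_PASSWORDS:
        reasons.append("appears in known-leaked password list (possibly with a suffix)")
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if _is_sequence(lowered):
        reasons.append("characters form a simple sequence")
    if _is_keyboard_walk(lowered):
        reasons.append("keyboard walk")
    if len(lowered) >= 4 and len(set(lowered)) <= 2:
        reasons.append("only one or two distinct characters")
    if _is_repeated_token(lowered):
        reasons.append("short token repeated")
    return reasons


if __name__ == "__main__":
    for candidate in ("123456", "password1", "qwertyuiop", "abcdefghijkl", "Tr0ub4dor&3x9!Lq"):
        print(candidate, "->", weaknesses(candidate) or "no pattern detected")
```

Note that the blocklist lookup is done on the lowercased value and again with a trailing suffix removed, which is the cheapest way to catch the "add a character to a bad password" habit the quote describes; the length and pattern checks run regardless of whether the blocklist matched, so the caller gets every reason at once rather than the first one.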
Evaluate the Strength of Your Passwords
If you have recognized your password in SplashData’s list, then you have a problem that needs to be addressed immediately. Even though security experts tend to describe passwords as an ‘old technology’, they are still the most common way to log in to an account.
In addition, securing your password should be your top priority if you:
- Have never changed your password(s) or don’t remember the last time you did;
- Use passwords that look like the 25 worst passwords of 2015 (displayed above);
- Are active on social media;
- Use social login buttons (e.g. ‘login with Facebook’) on other websites;
- Shop online and use your credit card number on a regular basis;
- Tend to ‘remember’ all of your passwords in the browser;
- Use both a personal and enterprise computer;
- View content that is deemed NSFW;
- Don’t know what phishing is;
- Don’t know what a keylogger is;
- Haven’t recently updated your AV software;
- Haven’t recently updated your browser(s) and plugins;
- Have left your online security in the hands of Google;
- Keep your passwords in a text file on your desktop.
Not surprisingly, password managers are often described as the best way to maintain healthy password hygiene.
What Should I Know about Password Managers?
The average password manager installs itself as a browser plug-in and takes care of password capture.
How does it work? When you log in to a secure website (HTTPS), the password manager offers to save your login. When you come back to that page, the manager automatically fills in your credentials, and sometimes web forms as well. Most password managers offer a browser-toolbar menu of all saved logins to make it easier to log in to saved sites.
Are password managers safe? It depends. The ideal situation would be a very powerful human memory and a unique password for each of your accounts. In reality, however, things are not even close to that. That is why it is safe to assume that using a password manager is a better idea than not using one at all (a.k.a. using one single simple password for all accounts).
In a nutshell, using a password manager would guarantee:
- The strength, complexity and randomness of passwords;
- The passwords being remembered and kept safe at one place.
Also, most password managers offer some further features such as:
- Synchronizing information across devices in a safe manner;
- Automatically filling in both passwords and common web forms;
- Storing arbitrary notes.
However, as pointed out by AskLeo.com, password managers won’t do the job if:
1. Your computer is not protected efficiently;
2. Your computer falls victim to malware or spyware and your master password is obtained by cyber criminals.
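To make the two halves of this concrete (what a manager guarantees, listed above, and why a stolen master password defeats it), here is an added example in Python that is not the code of any real password manager or of AskLeo.com: random password generation from a CSPRNG, a master password stretched with PBKDF2-HMAC-SHA256 into separate encryption and MAC keys, and a tiny vault of sealed entries that can only be opened with the right master password. The stream cipher is a stand-in built from HMAC in counter mode so the block runs on the standard library alone; real managers use AES-GCM or a similar authenticated cipher. The iteration count and key sizes are assumptions, and the site and username values are constructed.

```python
import hashlib
import hmac
import json
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=20):
    """Draw every character from a CSPRNG: no words, sequences or keyboard walks to guess."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def derive_keys(master_password, salt, iterations=600_000):
    """Stretch the master password with PBKDF2-HMAC-SHA256 (assumed iteration count)
    into 64 bytes, split into an encryption key and a separate MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=64)
    return material[:32], material[32:]


def _keystream(enc_key, nonce, length):
    """Stand-in stream cipher: HMAC-SHA256 used as a PRF in counter mode.
    A real manager would use AES-GCM or another authenticated cipher instead."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag, with a fresh random nonce per entry."""
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def open_sealed(enc_key, mac_key, blob):
    """Verify the tag in constant time before decrypting; None on a bad key or tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest()):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class Vault:
    """Minimal encrypted store. Everything that would be written to disk is the salt,
    the iteration count and sealed blobs; keys exist only while a call is running."""

    def __init__(self, master_password, iterations=600_000):
        self.salt = secrets.token_bytes(16)
        self.iterations = iterations
        self.entries = {}  # site -> sealed JSON record
        enc, mac = self._keys(master_password)
        # Lets unlock() distinguish a wrong master password from an empty vault.
        self.check = seal(enc, mac, b"vault-check")

    def _keys(self, master_password):
        return derive_keys(master_password, self.salt, self.iterations)

    def unlock(self, master_password):
        """Return (enc_key, mac_key) if the master password is right, else None."""
        enc, mac = self._keys(master_password)
        return (enc, mac) if open_sealed(enc, mac, self.check) == b"vault-check" else None

    def add(self, master_password, site, username, password=None):
        keys = self.unlock(master_password)
        if keys is None:
            return False
        record = {"username": username, "password": password or generate_password()}
        self.entries[site] = seal(*keys, json.dumps(record).encode("utf-8"))
        return True

    def get(self, master_password, site):
        keys = self.unlock(master_password)
        if keys is None or site not in self.entries:
            return None
        plain = open_sealed(*keys, self.entries[site])
        return None if plain is None else json.loads(plain)


if __name__ == "__main__":
    vault = Vault("correct horse battery staple")          # constructed master password
    vault.add("correct horse battery staple", "example.com", "alice")  # constructed entry
    print(vault.get("correct horse battery staple", "example.com"))
    print(vault.get("wrong master password", "example.com"))  # None: nothing opens
```

The design mirrors the article's caveat: the vault file on its own is salt plus ciphertext, so a copied file is useless without the master password, but anything that captures the master password (a keylogger on an unprotected machine, as AskLeo.com notes) opens every entry at once.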
In conclusion, the safest password would be a smartly crafted one, used on a protected computer.