Sadly, the password 123456 has emerged as the most common password for the second year in a row. SplashData, a company that provides various password management utilities, compiles an annual list of common passwords by analyzing over five million user records leaked online in 2017.
If you use any of the passwords listed, you could be at risk for identity theft. How? Because attackers use these same leaked records to build similar lists of leaked passwords, which they then assemble as “dictionaries” for carrying out account brute-force attacks.
Attackers will use the leaked terms, but they’ll also create common variations on these words using simple algorithms. This means that by adding “1” or any other character combinations at the start or end of basic terms, users aren’t improving the security of their password.
Of five million leaked credentials, here are the top 25 most common passwords:
1 – 123456 (rank unchanged since 2016 list)
2 – password (Unchanged)
3 – 12345678 (Up 1)
4 – qwerty (Up 2)
5 – 12345 (Down 2)
6 – 123456789 (New)
7 – letmein (New)
8 – 1234567 (Unchanged)
9 – football (Down 4)
10 – iloveyou (New)
11 – admin (Up 4)
12 – welcome (Unchanged)
13 – monkey (New)
14 – login (Down 3)
15 – abc123 (Down 1)
16 – starwars (New)
17 – 123123 (New)
18 – dragon (Up 1)
19 – passw0rd (Down 1)
20 – master (Up 1)
21 – hello (New)
22 – freedom (New)
23 – whatever (New)
24 – qazwsx (New)
25 – trustno1 (New)
Our partner, KnowBe4, has created a complex password guide to help your users make a strong password that is very hard to crack. Here’s how to start: Think of a phrase or sentence with at least eight words. It should be something easy for you to remember but hard for someone who knows you to guess. It could be a line from a favorite poem, story, movie, song lyric, or quotation you like.
Tips For Password Security
- Keep your passwords private – never share a password with anyone else.
- Do not write down your passwords.
- Use passwords of at least eight (8) characters (longer is better).
- Use a combination of uppercase letters, lowercase letters, numbers, and special characters (for example: !, @, &, %, +) in all passwords.
- Avoid using people’s or pets’ names, or words found in the dictionary; it’s also best to avoid using key dates (birthdays, anniversaries, etc.).
- Substituting look-alike characters for letters or numbers is no longer sufficient (for example, “Password” and “P@ssw0rd”).
- A strong password should look like a series of random characters.
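The points above about appended characters and look-alike substitutions can be enforced when a password is set. The following is an added example, not code from SplashData or KnowBe4: it rejects a candidate that reduces to one of the 25 listed passwords once simple variations are undone. The function names, the look-alike map and the trimming rules are assumptions chosen for illustration and cover only a few variation patterns.

```python
import re

# The 25 passwords from the list above, used as the blocklist.
COMMON = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
}

# Assumed look-alike map: each character and the letter it usually replaces.
LOOKALIKE = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                           "3": "e", "$": "s", "5": "s", "7": "t"})


def normalized_forms(password):
    """Return the forms of a password to compare against the blocklist."""
    lowered = password.lower()
    forms = {lowered}
    # Undo symbols added at the start or end ("!", "#").
    forms.add(re.sub(r"^[^a-z0-9]+|[^a-z0-9]+$", "", lowered))
    # Undo symbols and digits added at the start or end ("1", "2017!").
    forms.add(re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered))
    # Undo look-alike substitutions on every form collected so far.
    forms |= {form.translate(LOOKALIKE) for form in forms}
    return forms


def is_common_variant(password):
    """True if the password is a listed password or a simple variation."""
    return not COMMON.isdisjoint(normalized_forms(password))


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("Password1", "P@ssw0rd", "Trustno1!", "Dr@gon2017",
                   "correct horse battery staple"):
        verdict = "reject" if is_common_variant(sample) else "not on list"
        print(f"{sample!r}: {verdict}")
```

A production check would load a much larger breached-password list in place of the 25 entries used here.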
Weak Password Tool
How weak are your users’ passwords? Find out more about our complimentary Weak Password Tool, available from KnowBe4.