Properly secure online password practices are a bit like flossing: most everyone says they want to get around to doing it right, but almost nobody ever does. Still, compared to the people on SplashData’s Worst Passwords of 2014 list, you’re probably the picture of online security health.
SplashData announced its 2015 list of the most common passwords on the internet on Tuesday, noting that the frequency of their appearance makes them incredibly easy to guess. The list contains such easy passwords as “123456789,” “12345,” and “1234,” but it’s also got such classics as “111111,” “access,” and “trustno1” – that last one, we’re assuming, being quite popular among people excited for a potential X-Files reboot.
The list of passwords is a veritable Darwin Award nominees list in the category of online security, with some folks apparently so lazy or nonchalant regarding their online security that they choose such simple keys as “baseball,” “letmein,” and “abc123.”
The top spot, of course, went to “123456,” while the second spot went to “password.” In tenth place was “football,” while “monkey” came in twelfth. Proving that there’s a good deal of risqué security thinking out there, “696969” was in 22nd place among the most common bad passwords.
And just how did SplashData come across these passwords? With passkeys this bad, you’d be forgiven for thinking that the password owners had simply told someone what their key was. Not so, though: SplashData grabbed its list from publicly leaked passwords, the sort that you hear about when some major site has its servers hacked.
If there’s anything to learn from this – aside from the fact that “69” is on a lot of people’s minds – it’s that password security (again, like flossing) isn’t all that hard; It just takes a little effort. SplashData recommends that online service users use “passwords of eight character or more with mixed types of characters.” Other good practices include avoiding using the same username/password combination for multiple websites.
Further, avoid using your birthday or birth year in your password, and don’t use your favorite sport. And for the love of all that is holy, don’t use “696969” or “qwertyuiop.” You’re just asking to be hacked in that case.