SplashData released their “Worst passwords of 2019” list, which includes the top 25 most dangerous and most commonly leaked passwords. In an interesting turn of events, password has for the first time in the list’s history been knocked out of the top two spots.
“Invoking the name of the president or any other celebrity as your password is a dangerous decision, one that hackers will exploit and put you at substantial risk of having your identity stolen,” said Morgan Slain, CEO of SplashData.
Top 25 worst passwords of 2019
Weak passwords still an issue
While the company is encouraged that password – among the worst of all bad passwords – has finally been dethroned, computer users continue using the same predictable, easily guessable words and alphanumeric patterns as their passwords. While many computer programs now prevent these passwords from being created in the first place, older applications and some websites still enable people to use dangerously weak passwords.
Among the new entries this year are 1q2w3e4r and qwertyuiop – simple patterns using contiguous keys on the keyboard. Using such letter/number combinations may seem to be complex but will not fool hackers who know millions of people use them.
Each year, SplashData evaluates millions of leaked passwords to determine which passwords were most used by computer users during that year. Common passwords that continually appear on the Worst Passwords list include princess, qwerty, iloveyou and welcome.
“Our hope by publishing this list each year is to convince people to take steps to protect themselves online, and we think these and other efforts are finally starting to pay off,” says Slain. “We can tell that over the years people have begun moving toward more complex passwords, though they are still not going far enough as hackers can figure out simple alphanumeric patterns.”
SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.
According to the researchers, the over five million leaked passwords evaluated for the 2019 list were mostly held by users in North America and Western Europe. Passwords leaked from hacks of adult websites were not included in this report.
SplashData offers three simple tips to be safer online:
1. Use passphrases of twelve characters or more with mixed types of characters.
2. Use a different password for each of your logins. That way, if a hacker gets access to one of your passwords, they will not be able to use it to access other sites.
3. Protect your assets and personal identity by using a password manager to organize passwords, generate secure random passwords, and automatically log into websites.