“Password” ranks first on password management application provider SplashData’s annual list of worst internet passwords, which are ordered by how common they are. (“Passw0rd,” with a numeral zero, isn’t much smarter, ranking 18th on the list.)
The list is somewhat predictable: Sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “michael,” are all common choices. Other common choices, such as “monkey” and “shadow,” are harder to explain.
As some websites have begun to require passwords to include both numbers and letters, it makes sense varied choices, such as “abc123″ and “trustno1,” are popular choices.
SplashData created the rankings based on millions of stolen passwords posted online by hackers. Here is the complete list:
SplashData CEO Morgan Slain urges businesses and consumers using any password on the list to change them immediately.
“Hackers can easily break into many accounts just by repeatedly trying common passwords,” Slain says. “Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.”
The company provided some tips for choosing secure passwords in a statement:
- Vary different types of characters in your passwords; include numbers, letters and special characters when possible.
- Choose passwords of eight characters or more. Separate short words with spaces or underscores.
- Don’t use the same password and username combination for multiple websites. Use an online password manager to keep track of your different accounts.