A complex and robust password is the first step towards a safer online presence, but some people straight up ignore this simple rule and choose the worst possible password. The weakest passwords, at least, are remarkably consistent from year to year, according to information provided by SplashData.
The user name and password for login are one of the links in the security chain. As it happens, it’s also one of the most insecure links because it’s inextricably linked to the human element. If you let people choose passwords, sometimes they will make the worst possible choices, perhaps even thinking that they’re original.
Fortunately, online services now force people to choose more complex passwords, but that’s usually reserved for new users. Unless something happens, like a data breach, for example, people will use the same password they had 10 years ago.
What’s equally impressive is that the list of weak passwords remains pretty much the same each year with very few variations. The list provided by SplashData is comprehensive and covers the 100 most used passwords.
The first place, as usual, is occupied by “123456,” but many online services now require longer passwords. So, we find “123456789” in second place. People also seem to enjoy “qwerty” and “password.”
The list also contains “iloveyou”, “111111”, and the uncrackable “qwertyuiop”. The rest of the list consists of variations and combinations of these, with a few exceptions for names. Interestingly enough, in 39th place we find “!@#$%^&*” which are all the symbols from the number keys.
When hackers try to use brute force to gain access to an account, they don’t just try random passwords. They usually try these versions first, in the hope that the user was lazy or uninformed. And when your password is just “password” with one letter changed to a number, as in “passw0rd,” the hacker’s job is 10 times easier.
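A service can apply the same logic defensively when a user sets a password. The sketch below is an added example, not code from SplashData or from any service mentioned here: it refuses the passwords quoted in this article along with their obvious variants. The substitution tables and function names are assumptions made for illustration, and a real deployment would load a full breached-password list instead of eight entries.

```python
# Added example: denylist check with variant normalization (not from the article).
# COMMON holds only the passwords the article quotes.
COMMON = {"123456", "123456789", "qwerty", "password",
          "iloveyou", "111111", "qwertyuiop", "!@#$%^&*"}

# Assumed substitution tables (illustrative, not exhaustive).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})
UNSHIFT = str.maketrans("!@#$%^&*()", "1234567890")
PADDING = "0123456789!@#$%^&*()"


def variants(password):
    """Yield the simpler forms a guessing word list would already cover."""
    base = password.strip().lower()
    yield base
    yield base.translate(LEET)       # passw0rd -> password
    yield base.translate(UNSHIFT)    # !@#$%^   -> 123456
    # Digits/symbols tacked on the end to satisfy a complexity rule.
    stripped = base.rstrip(PADDING)  # qwerty1! -> qwerty
    yield stripped
    yield stripped.translate(LEET)   # passw0rd123 -> password


def rejection_reason(password):
    """Return why the password is refused, or None if it passes this check."""
    for form in variants(password):
        if form in COMMON:
            if form == password:
                return "listed common password"
            return f"trivial variant of common password {form!r}"
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["123456", "passw0rd", "P@$$w0rd", "!@#$%^",
                      "Qwerty1!", "correct-horse-battery-staple"]:
        print(f"{candidate!r}: {rejection_reason(candidate) or 'accepted'}")
```

Passing this check only means the password is not a trivial variant of a listed one; length and uniqueness still matter.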