
SplashData published the list of Worst passwords of 2014

SplashData has published its annual report on the use of passwords, which includes the list of the worst passwords of 2014.

Here we analyze the annual study published by SplashData on the use of passwords, titled "“123456” Maintains the Top Spot on SplashData’s Annual “Worst Passwords” List". Which passwords are most commonly used? Despite numerous recommendations, do users choose strong passwords?

SplashData analyzed more than 3.3 million passwords that were leaked and publicly released in 2014, and the researchers revealed the top 25 most common passwords.

“The 2014 list of worst passwords demonstrates the importance of keeping names, simple numeric patterns, sports and swear words out of your passwords.” states the report.

The top 25 most common passwords represent 2.2% (72600 passwords) of the overall leaked passwords analyzed by the study.

Comparing the data with the results of previous reports issued by SplashData, it is possible to note that only 2.2 percent of passwords now come from that list; this represents a significant decline in the use of weak passwords.

“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” said Mark Burnett, author of “Perfect Passwords” (http://www.xato.net). “The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”

People are becoming more aware of the need for strong passwords to protect their digital identity, but it is important to highlight that single-factor authentication is not enough to protect us.

“As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.” said Morgan Slain, CEO of SplashData.

The number of data breaches is still increasing, as is their overall cost, as confirmed by the study published by the Ponemon Institute.

Let’s dig into the report, starting from the results of the previous year:

and let’s compare them with the data that emerged from this year’s study:

That’s incredible! The situation hasn’t changed for the top two passwords, which remain the same as in 2013: ‘123456’ and ‘password’ are still the most used passwords.

The new entries in the “Worst Passwords” list are the words ‘baseball’, ‘dragon’ and ‘football’. Extending the analysis to the Top 100 passwords, the novelties include ‘michael’, ‘mustang’, ‘superman’ and ‘batman.’

Analyzing the list of worst passwords published in the study, it is easy to recognize the propensity of users to adopt their favorite sport, birthday, birth year and baby names as their passwords.

Here’s the complete list.

1) 123456
2) password
3) 12345
4) 12345678
5) qwerty
6) 1234567890
7) 1234
8) baseball
9) dragon
10) football
11) 1234567
12) monkey
13) letmein
14) abc123
15) 111111
16) mustang
17) access
18) shadow
19) master
20) michael
21) superman
22) 696969
23) 123123
24) batman
25) trustno1

The list above shows a persistent, strong inclination towards numeric patterns, but passwords composed of keyboard sequences are also very dangerous, such as “qwertyuiop,” which is the top row of letters on a standard keyboard, or in a similar manner, “1qaz2wsx,” which comprises the first two ‘columns’ of numbers and letters on a keyboard.

“Don’t use your birthday or especially just your birth year — 1989, 1990, 1991, and 1992 are all in the top 100. While baby name books are popular for naming children, don’t use them as sources for picking passwords. Common names such as “michael,” “jennifer,” “thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in the top 50.” continues the study.

If you see one of your passwords in the above list … don’t waste time, change it immediately.
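For defenders, the weak-password classes described above can be screened when a password is set or changed. The following Python sketch is an added example, not code from SplashData or the original article: it rejects the 25 listed passwords, the names quoted from the study, digit-only strings, birth years, repeated patterns and keyboard walks. The function names and the US QWERTY layout tables are assumptions, and a production blocklist would be much larger than the values taken from this page.

```python
import re

# Top 25 passwords from the list above (SplashData, 2014).
TOP_25 = {
    "123456", "password", "12345", "12345678", "qwerty", "1234567890",
    "1234", "baseball", "dragon", "football", "1234567", "monkey",
    "letmein", "abc123", "111111", "mustang", "access", "shadow",
    "master", "michael", "superman", "696969", "123123", "batman",
    "trustno1",
}
# Names the study quotes as being in the top 50.
COMMON_NAMES = {"michael", "jennifer", "thomas", "jordan", "hunter",
                "michelle", "charlie", "andrew", "daniel"}
# Assumption: US QWERTY layout; rows and left-to-right key "columns".
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
KEY_COLS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm"]


def _is_row_walk(pw):
    """True if pw is one contiguous run along a key row, in either direction."""
    return len(pw) >= 4 and any(pw in r or pw in r[::-1] for r in KEY_ROWS)


def _is_column_walk(pw):
    """True if pw is built only from whole key columns, e.g. 1qaz2wsx."""
    chunks = [pw[i:i + 4] for i in range(0, len(pw), 4)]
    return (len(pw) >= 4 and len(pw) % 4 == 0
            and all(c in KEY_COLS or c[::-1] in KEY_COLS for c in chunks))


def weak_password_reasons(password):
    """Return the list of weak-password classes the candidate falls into."""
    pw = password.strip().lower()
    checks = [
        ("top25", pw in TOP_25),
        ("common_name", pw in COMMON_NAMES),
        ("digits_only", pw.isdigit()),
        ("birth_year", re.fullmatch(r"(19|20)\d\d", pw) is not None),
        ("repeated_pattern", re.fullmatch(r"(.+?)\1+", pw) is not None),
        ("keyboard_row", _is_row_walk(pw)),
        ("keyboard_column", _is_column_walk(pw)),
    ]
    return [name for name, hit in checks if hit]


if __name__ == "__main__":
    # Constructed sample candidates, including values named in the article.
    for candidate in ["123456", "1989", "qwertyuiop", "1qaz2wsx", "Michael"]:
        print(candidate, weak_password_reasons(candidate))
```

An empty result only means the candidate avoided these specific classes; it is not a measure of strength.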

Pierluigi Paganini

(Security Affairs – Worst passwords, SplashData)
