Pierluigi Paganini
January 20, 2016
For the fifth time, experts from the SplashData security firm have published a report, titled “Worst Passwords of 2015” that analyzes the use of passwords in 2015. The researchers compiled the annual report with data related more than two million leaked passwords during 2015, mostly held by users in North America and Western Europe.
I tell you now that nothing has changed and that despite the awareness of cyber threats is increased, users continue to make the same errors adopting weak and predictable passwords
The most used passwords were “123456” and “password,” exactly the same since 2011! Also in 2015 users used simple numerical passwords, with six of the top 10 passwords on the 2015 list comprised of numbers only.
Some users have started using new and longer passwords in an attempt to improve their security, or simply because websites forced them to do so, however are still easy to guess.
“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” explained SplashData chief executive Morgan Slain.
“As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”
Let me show you how users’ worst passwords have evolved in the last three years:
Below the situation in 2014
And in 2015, the list included the following strings:
Sports remain a popular password theme, but this year “football” has overtaken baseball, clear change of the Americans’ passions.
Very common are also terms used in the Star Wars saga, for the fist time in the list of worst passwords list we see terms like “starwars,” “solo,” and “princess.” Other novelties respect the 2014 list are “welcome”, “login” and “passw0rd.”
Below the complete list of the worst passwords of 2015, is you are using one of them is time to change it!
| Rank | Password | Change from 2014 |
| 1 | 123456 | Unchanged |
| 2 | password | Unchanged |
| 3 | 12345678 | Up 1 |
| 4 | qwerty | Up 1 |
| 5 | 12345 | Down 2 |
| 6 | 123456789 | Unchanged |
| 7 | football | Up 3 |
| 8 | 1234 | Down 1 |
| 9 | 1234567 | Up 2 |
| 10 | baseball | Down 2 |
| 11 | welcome | New |
| 12 | 1234567890 | New |
| 13 | abc123 | Up 1 |
| 14 | 111111 | Up 1 |
| 15 | 1qaz2wsx | New |
| 16 | dragon | Down 7 |
| 17 | master | Up 2 |
| 18 | monkey | Down 6 |
| 19 | letmein | Down 6 |
| 20 | login | New |
| 21 | princess | New |
| 22 | qwertyuiop | New |
| 23 | solo | New |
| 24 | passw0rd | New |
| 25 | starwars | New |
If you want to have more information on the topic give a look to the “Worst passwords ebook” published by the company
(Security Affairs – Worst passwords, Spash data)
