Choosing passwords for email, online services and mobile apps is always tricky. Trying to think of something memorable but also difficult for others to guess, or hack, can sometimes mean spending time staring at a screen, tapping fingers on a desk, or a entering a general Zen-like state whilst waiting for password inspiration.
Many people end up choosing passwords from a common list of well-know generic ones. This isn’t a good idea because any hacker trying to access any of your online accounts is going to try all the most common passwords first. Every year SplashData publish a list of the most common passwords they’ve found. If your password is on this list then change it before someone else takes over your account.
This year’s list shows some changing trends in passwords. Firstly, it’s the first time the word ‘password’ hasn’t been the most popular password and people are increasingly using short numerical passwords like ‘1234’.
Passwords to avoid
The top 25 passwords on SplashData’s list were:
This year’s list was influenced by Adobe’s password breach in 2013, which saw a large number of user account details (including passwords) posted online. Though not in the top 25, users of Adobe’s online services were commonly using passwords such as ‘photoshop’ or ‘adobe123’. As Morgan Slain, CEO of SplashData commented:
“Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing.”
To improve your online security we always recommend users follow particular guidelines:
- Don’t use the same password for multiple accounts – If someone acquires your password on one service, they can access the others.
- Change passwords regularly – You don’t have to change it every day, but regularly altering your password reduces the chances of people working it out.
- Avoid common password – If your password is on the 25 worst passwords list, then change it now.
Selecting passwords doesn’t have to be difficult. Using random characters and numbers isn’t always the most secure option, as this XKCD comic highlights: