PASSWORD MANAGEMENT SOFTWARE OUTFIT Splashdata has published a list of the worst passwords entered by users over the last 12 months.
The firm has a keen interest in passwords and has compiled its list of wet paper bag protection by looking at the leaks that followed hacking attacks on firms like Adobe.
Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing, said Splashdata CEO Morgan Slain.
Another interesting aspect of this year’s list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies.
Another interesting aspect of this year’s list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies.
The string 123456 moved up a place this year, and removed password from its top position. The string password dropped into second place and the rest of the top five are 12345678, which held steady in third place, qwerty, which is fourth, and UK government favourite abc123 is fifth. The latter two switched places last year.
Yesterday we learned that abc123 is considered an adequate password by the UK government for people who can see the point in security but are reluctant to put too much work into it.
We use the analogy that ‘if you haven’t got a lock on your door, any lock is better than no lock’, said Tony Neate, the head of the UK government’s Get Safe Online campaign.
But if you are going to put a lock on your door, the best one to put on is a five-lever [mortice] lock. It’s the same analogy. I would recommend anyone to have a good, solid password. But if they haven’t got a password then ‘abc123’ is a starting point. I’m not suggesting people should have ‘abc123’. But something is better than nothing, and I’m very pragmatic when it comes to passwords.
Going by the Splashdata figures abc123 is a frankly pointless password to have. You would presumably be better off having a password created by the letter mash that would result from you hitting your forehead against a keyboard. You might not be able to remember it, but it is much less likely to be cracked.
Splashdata said that best practice is passwords of eight characters or more with mixed types of characters.