It’s that time of the year again, the results of a survey of the Internet’s most used passwords of 2014 have been released. And the winner is….*drumroll*….”123456.” Again!
SplashData, a provider of application security, has released a report on the top 25 most commonly used passwords on the Internet. Surprisingly enough, there are some new additions to the list this year, namely “696969” and “batman.” It’s worth pointing out that these passwords include only users in the North America and Western Europe.
The list shows that users do not seem very concerned about security and continue using easily guessable, simple passwords. “Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
Before we show you the list, let’s go over some passwords to avoid:
- Sequence of keys on a keyboard (i.e. “qwertyuiop”)
- Favorite sport/sport teams (“baseball” and “football” are both in the top 25 and other sports/sports teams are often in the top 100)
- Do not use your birth date (especially not just the year alone – 1989, 1990, 1991, 1992 are all in the top 100)
- Do not use names (common names like “michael,” “thomas,” “Jennifer” are all in the top 50
“The bad news from my research is that this year’s most commonly used passwords are pretty consistent with prior years,” says Mark Burnett, an online security expert. “The good news is that it appears that more people are moving away from using these passwords. In 2014, the top 25 passwords represented about 2.2% of passwords exposed. While still frightening, that’s the lowest percentage of people using the most common passwords I have seen in recent studies.”
Here is the full list of the top 25 most commonly used passwords:
| Rank | Password | Change from 2013 |
| 1 | 123456 | No Change |
| 2 | password | No Change |
| 3 | 12345 | Up 17 |
| 4 | 12345678 | Down 1 |
| 5 | qwerty | Down 1 |
| 6 | 123456789 | No Change |
| 7 | 1234 | Up 9 |
| 8 | baseball | New |
| 9 | dragon | New |
| 10 | football | New |
| 11 | 1234567 | Down 4 |
| 12 | monkey | Up 5 |
| 13 | letmein | Up 1 |
| 14 | abc123 | Down 9 |
| 15 | 111111 | Down 8 |
| 16 | mustang | New |
| 17 | access | New |
| 18 | shadow | Unchanged |
| 19 | master | New |
| 20 | michael | New |
| 21 | superman | New |
| 22 | 696969 | New |
| 23 | 123123 | Down 12 |
| 24 | batman | New |
| 25 | trustno1 | Down 1 |
As you can see, some of these are very easy to guess and people who are using them need to change them immediately. I personally recommend using a password manager program, such as LastPass. Last pass for example features a password generator for super secure passwords. Also, by using it, spyware such as keyloggers are not going to be able to steal your passwords. In addition, do not forget to use 2-factor authentication whenever possible.