The Worst Passwords of 2016

January 24, 2017 by Paul Ausick

Ever since the dawn of the personal computer age, users have had to create, remember and type in a password to do at least something with the machine in front of them. Because most of us already have plenty of other things to think about and remember, those passwords were often almost ludicrously simple, like “password” or “1234” or … you get the idea.

Some 30 years later, a lot of us do the same thing, even though we should know better by now. More than 37 million records were exposed in data breaches last year in the United States. That number represents records stolen from the business and government sector, and by an estimate from security application provider SplashData, includes more than 5 million individual password records.

There were plenty of examples of poor password choice to pick from last year, but the break-in at the Democratic National Committee was probably the poster child. An easily breakable password used by Hillary Clinton’s campaign manager John Podesta led to a hacking attack against the group’s systems that resulted in the loss of thousands of passwords and hundreds of thousands of emails.

The loss of billions of online credentials (usernames and passwords) in 2016 has led to an increase in a hacking attack known as credential stuffing, where credentials stolen from one website are gathered into a massive file that then enters the credentials one at a time into a different website’s login screen. Hackers’ success rates are barely 2%, but it doesn’t have to be very high — from a million stolen credentials, 20,000 accounts could be compromised.

What to do? Last October we looked at how to guard against identity theft. Near the top of the list is a recommendation to create strong passwords. Similarly, if you purchase a new device that is network connectable (the so-called Internet of Things), it is critical to change the default password that comes pre-installed.

And if you want those passwords to be hard for thieves to figure out, don’t use one of these, the 10 worst passwords of 2016:

  1. 123456
  2. password
  3. 123435
  4. 12345678
  5. football
  6. qwerty
  7. 1234567890
  8. 1234567
  9. princess
  10. 1234

Security website Darkreading has more details and an additional 15 passwords you should avoid.

Sponsored: Want to Retire Early? Here’s a Great First Step

Want retirement to come a few years earlier than you’d planned? Or are you ready to retire now, but want an extra set of eyes on your finances?

Now you can speak with up to 3 financial experts in your area for FREE. By simply clicking here you can begin to match with financial professionals who can help you build your plan to retire early. And the best part? The first conversation with them is free.

Click here to match with up to 3 financial pros who would be excited to help you make financial decisions.

Posted in Technology | Comments Off on The Worst Passwords of 2016