2013 was a wildly visible year for cyber security and online privacy. There were, of course, the monumental NSA and Snowden revelations, but 2013 was also a year in which tech companies like Adobe, Google, Facebook, Twitter, and LinkedIn all fell victim to some for of cyberattack. Large scale news organizations watched as major email phishing scams compromised their social media accounts and, in one case, triggered a trading run on the stock market. And yet for all the visibility, punditry, and drama, new data suggests that internet users are still terrible at choosing a good password.
According to SplashData, which presents an annual list of the most common passwords (compiled in part by combing big security breaches and online password dumps), 2013’s most common password is “123456”, which narrowly beat out the defending champion “password”. The only slightly more complicated “12345678” ended 2013 for the second year in third place. The year’s fastest rising star was “1234567”, a subtle but daring riff on a classic, which rose five spots to eighth place along with the always-popular “123123”. The biggest loser in 2013: “trustno1”, a standby for the paranoid user that both trusts no one and is too lazy to do something about it. Here’s the top 25:
As Splashdata’s post notes, 2013’s passwords were influenced heavily by an Adobe breach, where users chose passwords like “adobe123” and “photoshop”. The company’s post also offers tips for crafting a better password:
Use passwords of eight characters or more with mixed types of characters. But even passwords with common substitutions like “dr4mat1c” can be vulnerable to attackers’ increasingly sophisticated technology, and random combinations like “j%7K&yPx$” can be difficult to remember. One way to create more secure passwords that are easy to recall is to use passphrases — short words with spaces or other characters separating them. It’s best to use random words rather than common phrases. For example, “cakes years birthday” or “smiles_light_skip?”
Other companies, like Microsoft security page offer nice primers on how to create a secure password, as well: