Despite the multitude of password management apps that are available, like 1Password and LastPass, many people continue to use easily guessable words and number strings to protect their sensitive information.
One of the most popular passwords in 2014, for example, was “123456,” according to a list of leaked 2014 passwords gathered by SplashData (via Re/code). The second most used password was “password,” followed by “12345,” “12345678,” and “qwerty.” Both “123456” and “password” have also been popular in past years, ranking as the top two most commonly used passwords in 2013.
Similar number strings were the sixth and seventh most popular 2014 passwords, followed by the words “baseball,” “football,” and “dragon.”
“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”
To get its list of the worst passwords in 2014, its fourth annual year of collecting password data, SplashData looked at more than 3.3 million passwords that were leaked across 2014. Passwords came primarily from users in North America and Western Europe.
Based on the data that it gathered, SplashData recommends against using keyboard sequences like “1qaz2wsx” or “qwertyuiop,” and it advises users not to use a favorite sport. Baseball and football made the top 10 list of most common passwords, while hockey, soccer, and golfer were in the top 100. Team-based passwords like Yankees, Eagles, Steelers, Rangers, and Lakers also made the top 100 list.
Birthdays and birth years are also not recommended, nor are names, with common monikers like Michael, Jennifer, Thomas, and Jordan listed within the top 50 most commonly used passwords. Swear words, phrases, hobbies, athletes, car brands, and film names were also heavily featured in SplashData’s top 100 list.
Using a password management app like SplashID, 1Password, or LastPass is highly recommended, to generate random passwords that are used for a single site and that are more secure than self-generated words, numbers, and phrases.
Widely publicized data leaks across 2013 and 2014 seem to have spurred more people to choose stronger passwords, as the top 25 passwords represented just 2.2 percent of passwords exposed. Along with the well-known iCloud breach, many companies including Home Depot, Target, and Staples saw major data leaks.