The Most Popular Passwords Are Still "123456" and "password"

BarbaraHudson writes: The Independent lists the most popular passwords for 2014, and once again, "123456" tops the list, followed by "password" and "12345" at #3 (lots of Spaceballs fans out there?) . "qwerty" still makes the list, but there are some new entries in the top 25, including "superman", "batman", and "696969". The passwords used were mostly from North American and Western European leaks.

Re:Very nice indeed

[pushing-robot]

In fairness, it depends on what the passwords were *for*. If it's a bank site... that's bad. If it's some random site that hides content behind a pointless registration wall, '12345' is perfectly fine.
It comes down to 'if this were a door, would I lock it?'

Re:Superman? Batman?

[the_skywise]

Marvel readers are obviously more intelligent. ;p
(or the built-in punctuation of the names just lends itself to passwords... spider-man, ant-man, S.H.I.E.L.D
Actually that last one isn't a bad idea... :) )

Biased to cracked sites

[RevWaldo]

Since a site with proper hashing, where in theory the actual passwords are unknowable, wouldn't be on the list. And presumably sites with proper security on the back end would have stronger password complexity requirements in the first place, and vice versa. The blame falls more on the bar than the drunkards it serves.

.

Oldy-But-Goody

[Tablizer]

Evolution of Passwords:

1978:

  password

1983: Rule: Don't use 'password', too common.

  passgas

1990: Rule: Must contain at least one digit

  passgas7

1995: Rule: Must contain mixed case

  Passgas7

1999: Rule: Must contain at least one punctuation character

  Passgas7&

2004: Rule: Must change every 2 months

  Passgas7& ... Passgas8* ... Passgas9( ... Passgas1! ...

2009: Rule: Don't use same punctuation as digit key

  Passgas7$ ... Passgas8$ ... Passgas9$ ...

2012: Rule: Don't use incremental digit patterns

  Passgas71$ ... Passgas17$ ... Passgas$71 ... Passgas$17 ...

2015: Rule: Must be at least 20 characters long

  Passgas711111111111$ ... Passgas177777777777$ ...

2017: Rule: Can't use any patterns guessable by AI

  Oh f$ck it, just hack me already, dammit @666

Re:I thought

[crunchygranola]

after reading the article, im still confused as there isnt enough info to really make anything of this

Yep. There is much less to this than meets the eye.

In addition, a list of most common passwords will always have defaults and obvious simple strings as the top candidates, this will never change. What would be more useful to know is whether the relative proportion of passwords fitting this description is declining (I doubt it, but we need to see the data).