The Most Popular Passwords Are Still "123456" and "password"

BarbaraHudson writes: The Independent lists the most popular passwords for 2014, and once again, "123456" tops the list, followed by "password" and "12345" at #3 (lots of Spaceballs fans out there?) . "qwerty" still makes the list, but there are some new entries in the top 25, including "superman", "batman", and "696969". The passwords used were mostly from North American and Western European leaks.

qwerty?

[by+(1706743)]

My password is ',.pyf, you insensitive clod!

Re:qwerty?

[kurkosdr]

My password is 'incorrect". So if I ever forget it, the computer will helpfully remind me that "password is incorrect"

Re:qwerty?

[rasmusbr]

Just hope that the system doesn't insist on you having a combination of letters, numbers, lowercase, uppercase and special characters

Incorrect1!

Superman? Batman?

[R3d+M3rcury]

But no Marvel characters?

And?

[NitsujTPU]

1) Clearly bad passwords will be the most popular. Some people will blow off security and will pick a bad password.
2) There are no data in the article regarding how frequently these passwords are used.
3) There is no representation of what these passwords are protecting. Maybe these are passwords to something harmless like accounts in some children's game. In which case, who cares?

Re:I thought

[ganjadude]

after reading the article, im still confused as there isnt enough info to really make anything of this

The data is compiled from leaked passwords in 2014, by password company SplashData.

ok, so it was leaked passwords....but from where? for what reasons? on what devices? I would wager alot of "stock" devices will have simple PWs. and to most people, if it works, it doesnt need to be addressed. Also if PWs are from web pages? what are the pages? because if they are not secure pages (work, banks, personal info) most people simply dont care. I mean to leave comments on damn near any page, you need to register. I know on some pages ive created accts to leave a post and never plan on going back, im sure ive used some weak passwords for those sites.

in the end, without a breakdown of types of accounts / passwords, its a little hard to claim anything based on this data that is worth anything.

Re:Very nice indeed

[pushing-robot]

In fairness, it depends on what the passwords were *for*. If it's a bank site... that's bad. If it's some random site that hides content behind a pointless registration wall, '12345' is perfectly fine.
It comes down to 'if this were a door, would I lock it?'

Re:Superman? Batman?

[the_skywise]

Marvel readers are obviously more intelligent. ;p
(or the built-in punctuation of the names just lends itself to passwords... spider-man, ant-man, S.H.I.E.L.D
Actually that last one isn't a bad idea... :) )

Re:I thought

[JackieBrown]

I bought a Netgear AC1450-100NAR Dual Band Slim Gigabit Smart WiFi Router.

The instructions specifically state that it would be a bad idea to change the SSID and password. I did anyways, of course, but was surprised to read this advice.
http://ww.amazon.com/gp/produc...

I actually use 12345

[Opportunist]

Really. Yes, really.

There are certain accounts that just don't matter. Until the "5-minutes-valid" mail provider existed, I did the same with gmx mail addresses. Create, use, never bother to use it again. Since with more and more services there is no sensible way to "disable" or "close" accounts, well, one more corpse floating in their sea of dead accounts.

For example, I sometimes want to read something on Facebook and they insist that it's only visible to people who hand them their information. And, well, creating a throwaway account for Ivana Beritsh is faster than finding one that already has 12345 as its password...

Biased to cracked sites

[RevWaldo]

Since a site with proper hashing, where in theory the actual passwords are unknowable, wouldn't be on the list. And presumably sites with proper security on the back end would have stronger password complexity requirements in the first place, and vice versa. The blame falls more on the bar than the drunkards it serves.

.

Oldy-But-Goody

[Tablizer]

Evolution of Passwords:

1978:

  password

1983: Rule: Don't use 'password', too common.

  passgas

1990: Rule: Must contain at least one digit

  passgas7

1995: Rule: Must contain mixed case

  Passgas7

1999: Rule: Must contain at least one punctuation character

  Passgas7&

2004: Rule: Must change every 2 months

  Passgas7& ... Passgas8* ... Passgas9( ... Passgas1! ...

2009: Rule: Don't use same punctuation as digit key

  Passgas7$ ... Passgas8$ ... Passgas9$ ...

2012: Rule: Don't use incremental digit patterns

  Passgas71$ ... Passgas17$ ... Passgas$71 ... Passgas$17 ...

2015: Rule: Must be at least 20 characters long

  Passgas711111111111$ ... Passgas177777777777$ ...

2017: Rule: Can't use any patterns guessable by AI

  Oh f$ck it, just hack me already, dammit @666

Re:I thought

[crunchygranola]

after reading the article, im still confused as there isnt enough info to really make anything of this

Yep. There is much less to this than meets the eye.

In addition, a list of most common passwords will always have defaults and obvious simple strings as the top candidates, this will never change. What would be more useful to know is whether the relative proportion of passwords fitting this description is declining (I doubt it, but we need to see the data).

Re:trustno1

[camperdave]

Was that "Trust no one" or "Trust number one"?