2. ‘123456’ WORST PASSWORD OF
THE YEAR 2016
SplashData releases its annual list in an effort to encourage the adoption of stronger passwords to improve Internet security. The
passwords evaluated are mostly from North American and Western European users. The list shows many people continue to put
themselves at risk of hacking and identity theft by using weak, easily guessable passwords.
“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based
on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” said Morgan Slain, CEO of SplashData.
As in past years’ lists, simple numerical passwords remain common, with nine of the top 25 passwords on the 2014 list comprised of
numbers only. Passwords appearing for the first time on SplashData’s list include “696969” and “batman.” While Valentine’s Day is less
than a month away, “iloveyou” is one of the nine passwords from 2013 to fall off the 2014 list.
Here are Dos and Don’ts regarding passwords:
Don’t use a favorite sport as your password – “baseball” and “football” are in top 10, and “hockey,” “soccer” and “golfer” are in the top 100.
Don’t use a favorite team either, as “yankees,” “eagles,” “steelers,” “rangers,” and “lakers” are all in the top 100.
Don’t use your birthday or especially just your birth year — 1989, 1990, 1991,
and 1992 are all in the top 100.
While baby name books are popular for naming children, do not use them as
sources for picking passwords. Common names such as “michael,” “jennifer,”
“thomas,” “jordan,” “hunter,” “michelle,” “charlie,” “andrew,” and “daniel” are all in
the top 50.
Use passwords of eight characters or more with mixed types of characters.
Avoid using the same username/password combination for multiple websites.
Use a password manager such as SplashID to organize and protect passwords,
generate random passwords, and automatically log into websites.
Dictionary attacks: Avoid consecutive keyboard combinations, such as qwerty or asdfg. Don’t use dictionary
words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that
automatically plugs common words into password fields. Password cracking becomes almost effortless with a
tool like John the Ripper or similar programs.
Cracking security questions: Many people use first names as passwords, usually the names of
spouses, kids, other relatives, or pets, all of which can be deduced with a little research. When you click the
“forgot password” link within a webmail service or other site, you’re asked to answer a question or series of
questions. The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo
account was hacked.
Simple passwords: Don’t use personal information such as your name, age, birth date, child’s name, pet’s
name, or favorite color/song, etc. When 32 million passwords were exposed in a breach last year, almost 1% of
victims were using “123456.” The next most popular password was “12345.” Other common choices are
“111111,” “princess,” “qwerty,” and “abc123.”
Reuse of passwords across multiple sites: Reusing passwords for email, banking, and
social media accounts can lead to identity theft. Two recent breaches revealed a password reuse rate of 31%
among victims.
Social engineering: Social engineering is an elaborate type of lying. An alternative to traditional
hacking, it is the act of manipulating others into performing certain actions or divulging confidential information.
How to make them secure
1. Make sure you use different passwords for each of your accounts.
2. Be sure no one watches when you enter your password.
3. Always log off if you leave your device and anyone is around—it only takes a
moment for someone to steal or change the password.
4. Use comprehensive security software and keep it up to date to avoid keyloggers
(keystroke loggers) and other malware.
5. Avoid entering passwords on computers you don’t control (like computers at an
Internet café or library)—they may have malware that steals your passwords.
6. Avoid entering passwords when using unsecured Wi-Fi connections (like at the
airport or coffee shop)—hackers can intercept your passwords and data over this
unsecured connection.
7. Don’t tell anyone your password. Your trusted friend now might not be your friend in the
future. Keep your passwords safe by keeping them to yourself.
8. Depending on the sensitivity of the information being protected, you should change your
passwords periodically, and avoid reusing a password for at least one year.
9. Do use at least eight characters of lowercase and uppercase letters, numbers, and symbols
in your password. Remember, the more the merrier.
10. Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10
characters and says “I am happy to be 29!” I wish.
11. Use the keyboard as a palette to create shapes. %tgbHU8*- Follow that on the keyboard. It’s
a V. The letter V starting with any of the top keys. To change these periodically, you can slide
them across the keyboard. Use W if you are feeling all crazy.
12. Have fun with known short codes or sentences or phrases. 2B-or-Not_2b? —This one says
“To be or not to be?”
13. It’s okay to write down your passwords, just keep them away from your computer and mixed
in with other numbers and letters so it’s not apparent that it’s a password.
14. You can also write a “tip sheet” that gives you a clue to remember your
password but doesn’t actually contain the password itself. For example, for the
“2B-or-Not_2b?” password above, your “tip sheet” might read “To be, or not to be?”
15. Check your password strength. If the site you are signing up for offers a
password strength analyzer, pay attention to it and heed its advice.
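
The weak patterns listed above (common passwords, sports, teams and names, birth years, keyboard runs, digits-only and short passwords) can be screened for at sign-up. The following is an added example, not SplashData's code or any product's analyzer; the function names, the tiny deny-list built from the passwords quoted on this page, and the three-character-type threshold are assumptions.

```python
import re

# Weak choices named on this page (constructed sample; a real deny-list
# would be far larger, e.g. built from breach corpora).
DENYLIST = {
    "123456", "12345", "111111", "696969", "princess", "qwerty", "abc123",
    "batman", "iloveyou", "baseball", "football", "hockey", "soccer",
    "golfer", "yankees", "eagles", "steelers", "rangers", "lakers",
    "michael", "jennifer", "thomas", "jordan", "hunter", "michelle",
    "charlie", "andrew", "daniel",
}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` adjacent keys from one row, either direction."""
    low = pw.lower()
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def screen_password(pw):
    """Return the list of reasons pw is weak; an empty list means it passed."""
    reasons = []
    low = pw.lower()
    if len(pw) < 8:
        reasons.append("shorter than 8 characters")
    if pw.isdigit():
        reasons.append("digits only")
    # Exact or backward-spelled match first, then longer passwords that
    # merely wrap a common one (the "simple pattern" case).
    if low in DENYLIST or low[::-1] in DENYLIST:
        reasons.append("common password")
    elif any(len(w) >= 5 and w in low for w in DENYLIST):
        reasons.append("built on a common password")
    if re.search(r"(19|20)\d\d", pw):
        reasons.append("contains a year")
    if has_keyboard_run(pw):
        reasons.append("keyboard run")
    # Assumption: require at least 3 of lower / upper / digit / symbol.
    classes = [re.search(p, pw) for p in (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")]
    if sum(c is not None for c in classes) < 3:
        reasons.append("fewer than 3 character types")
    return reasons
```

An empty result only means none of these patterns matched; it is not a measure of how hard the password is to guess.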