Far Too Many People Are Still Using “Password” as a Password


Passwords are both the most discussed security measure and the least secure.

Motherboard reports that a study of passwords leaked over the past year shows that many users are recycling the same bad passwords they have been using for years and years:

SplashData estimates that nearly 10 percent of people have used at least one of the 25 worst passwords on this year’s list, and almost 3 percent used the worst password, ‘123456’. ‘Password’ was the second most popular password.

Other numeric passwords that weren’t new to the list were ‘12345678’ in third place, ‘12345’ at number five, and ‘1234567’ in seventh place. But there were some new, more creative (or, you know, not) variations: ‘123456789’ (in sixth place), and ‘123123’ in 17th.

Additional repeat offenders include a handful of very obvious words: ‘qwerty,’ ‘football,’ ‘admin,’ ‘welcome,’ ‘login,’ ‘abc123,’ ‘dragon,’ ‘passw0rd,’ and ‘master.’ But there were some new passwords on the top 25 list this year, including ‘letmein,’ ‘iloveyou,’ ‘monkey,’ ‘starwars,’ ‘hello,’ ‘freedom,’ ‘whatever,’ ‘qazwsx’ (from the two left columns on a standard keyboard), and ‘trustno1.’ The new passwords replaced 2016's ‘123456790,’ ‘princess,’ ‘1234,’ ‘solo,’ ‘121212,’ ‘flower,’ ‘sunshine,’ ‘hottie,’ ‘loveme,’ ‘zaq1zaq1,’ and ‘password1.’

Many people wrongly assume that adding a zero instead of the letter O will make their passwords more secure, but, as SplashData CEO Morgan Slain is quick to point out in a press release, “hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.” Additionally, Slain points out that attackers are quick to use common pop culture terms to break into accounts online, in case you thought you were the only Star Wars fan.

I think part of the problem is that people have heard the password mantra so many times that they have tuned it out. Instead, as time went by and users had to set up accounts on more and more sites and had to invent (and remember) more and more passwords, they just stopped caring.

Rather than lecture everyone on choosing secure passwords, it would be more productive to push them to use a secure password manager, which will solve the issue for them without bothering anyone.

That way they will be more secure, and yet won't have to put any work into it.

That's the best of both worlds, don't you think?

P.S. The top 25 most common passwords of 2017 were:

  1. 123456
  2. Password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. letmein
  8. 1234567
  9. football
  10. iloveyou
  11. admin
  12. welcome
  13. monkey
  14. login
  15. abc123
  16. starwars
  17. 123123
  18. dragon
  19. passw0rd
  20. master
  21. hello
  22. freedom
  23. whatever
  24. qazwsx
  25. trustno1
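
The point quoted above, that swapping a zero for the letter O does not rescue a guessable password, can be enforced when a password is set. The following Python check is an added example, not part of the original post: it rejects trivial variants of the 25 passwords listed above. The substitution table and the function names are assumptions chosen for illustration.

```python
import re
from typing import Optional

# Top 25 of 2017 as listed in this post, lowercased.
TOP_25 = (
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master", "hello", "freedom", "whatever", "qazwsx",
    "trustno1",
)

# Assumed look-alike substitutions (not taken from the post).
LEET = str.maketrans("013457@$", "oleastas")

def canonical(pw: str) -> str:
    """Lowercase and undo look-alike swaps so 'Passw0rd' equals 'password'."""
    return pw.lower().translate(LEET)

# Canonical form -> first list entry that produces it. List entries go
# through the same mapping, so all-digit entries still match themselves.
BLOCKLIST = {}
for entry in TOP_25:
    BLOCKLIST.setdefault(canonical(entry), entry)

def matches_common(candidate: str) -> Optional[str]:
    """Return the top-25 entry the candidate trivially varies, else None."""
    variants = (
        candidate,                              # as typed
        re.sub(r"[\W_]+$", "", candidate),      # trailing punctuation removed
        re.sub(r"[\d\W_]+$", "", candidate),    # trailing digits and punctuation removed
    )
    for variant in variants:
        hit = BLOCKLIST.get(canonical(variant)) if variant else None
        if hit:
            return hit
    return None

if __name__ == "__main__":
    # Constructed sample inputs, not real leaked passwords.
    for pw in ("P@ssw0rd", "StarWars!", "admin123", "12345!", "plum-kettle-orbit-94"):
        hit = matches_common(pw)
        print(f"{pw!r}: " + (f"reject (variant of {hit!r})" if hit else "not on list"))
```

A check like this only catches the variants it models; it complements a password manager generating random passwords and does not replace one.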

Image by Worlds Direction

About Nate Hoffelder (11161 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

6 Comments on Far Too Many People Are Still Using “Password” as a Password

  1. It kinda depends upon what the password is for because there are a whole lot of sites that require one for no good reason and ‘password’ makes a reasonable choice for them.

    • Exactly, it is far more dangerous to use your real password (say to unlock your phone or computer) on a minor online site than to use “password.” Never use your real password on some public forum or to create a new account somewhere. Yes, ideally you should have unique and complex passwords for every different situation, but the bigger issue is to keep your passwords secret for important things like banking and unlocking phones. So if you’re asked to create an account for “Zombie Fan Fiction Archive,” just using “password” isn’t a big deal if you don’t share any personal or financial information.

      Oh, and just so you know, I changed my password for ZFFA, so don’t try it.

      • I have a lot of accounts that I consider important. I’d be mortified if my email or social media account was used to post spam. Likewise with various forums, or my WordPress account.

        Your mileage may vary, of course, but for me, a password manager is the only sensible solution.

  2. My password for more picky/demanding sites is Atleastonecapitalletterand1digit.
    Oh wait — should I not be saying that here?

  3. 1 2 3 4 5?
    That’s amazing, I’ve got the same combination on my luggage.
