Passwords are both the most discussed security measure and the least secure.
Motherboard reports that a study of passwords leaked over the past year show that many users are recycling the same bad passwords they have been using for years and years:
SplashData estimates that nearly 10 percent of people have used at least one of the 25 worst passwords on this year’s list, and almost 3 percent used the worst password, ‘123456’. ‘Password’ was the second most popular password.
Other numeric passwords that weren’t new to the list were ‘12345678’ in third place, ‘12345’ at number five, and ‘1234567’ in seventh place. But there were some new, more creative (or, you know, not) variations: ‘123456789’ (in sixth place), and ‘123123’ in 17th.
Additional repeat offenders include a handful of very obvious words: ‘qwerty,’ ‘football,’ ‘‘admin,’ ‘welcome,’ ‘login,’ ‘abc123,’ ‘dragon,’ ‘passw0rd,’ and ‘master.’ But there were some new passwords on the top 25 list this year, including ‘letmein,’ ‘iloveyou,’ ‘monkey,’ ‘starwars,’ ‘hello,’ ‘freedom,’ ‘whatever,’ ‘qazwsx’ (from the two left columns on a standard keyboard), and ‘trustno1.’ The new passwords replaced 2016's ‘123456790,’ ‘princess,’ ‘1234,’ ‘solo,’ ‘121212,’ ‘flower,’ ‘sunshine,’ ‘hottie,’ ‘loveme,’ ‘zaq1zaq1,’ and ‘password1.’
Many people wrongly assume that adding a zero instead of the letter O will make their passwords more secure, but, as SplashData CEO Morgan Slain is quick to point out in a press release, “hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.” Additionally, Slain points out that attackers are quick to use common pop culture terms to break into accounts online, in case you thought you were the only Star Wars fan.
I think part of the problem is that people have heard the password mantra so many times that they have tuned it out. Instead, as time went by and users had to set up accounts on more and more sites and had to invent (and remember) more and more passwords, they just stopped caring.
Rather than lecture everyone on choosing secure passwords, it would be more productive to push them to use a secure password manager which will solve the issue for them without bothering anyone.
That way they will be more secure, and yet won't have to put any work into it.
That's the best of both words, don't you think?
P.S. The top 25 most common passwords of 2017 were:
image by Worlds Direction