Far Too Many People Are Still Using "Password" as a Password
Passwords are both the most discussed security measure and the least secure.
Motherboard reports that a study of passwords leaked over the past year show that many users are recycling the same bad passwords they have been using for years and years:
SplashData estimates that nearly 10 percent of people have used at least one of the 25 worst passwords on this year’s list, and almost 3 percent used the worst password, ‘123456’. ‘Password’ was the second most popular password.
Other numeric passwords that weren’t new to the list were ‘12345678’ in third place, ‘12345’ at number five, and ‘1234567’ in seventh place. But there were some new, more creative (or, you know, not) variations: ‘123456789’ (in sixth place), and ‘123123’ in 17th.
Additional repeat offenders include a handful of very obvious words: ‘qwerty,’ ‘football,’ ‘‘admin,’ ‘welcome,’ ‘login,’ ‘abc123,’ ‘dragon,’ ‘passw0rd,’ and ‘master.’ But there were some new passwords on the top 25 list this year, including ‘letmein,’ ‘iloveyou,’ ‘monkey,’ ‘starwars,’ ‘hello,’ ‘freedom,’ ‘whatever,’ ‘qazwsx’ (from the two left columns on a standard keyboard), and ‘trustno1.’ The new passwords replaced 2016’s ‘123456790,’ ‘princess,’ ‘1234,’ ‘solo,’ ‘121212,’ ‘flower,’ ‘sunshine,’ ‘hottie,’ ‘loveme,’ ‘zaq1zaq1,’ and ‘password1.’
Many people wrongly assume that adding a zero instead of the letter O will make their passwords more secure, but, as SplashData CEO Morgan Slain is quick to point out in a press release, “hackers know your tricks, and merely tweaking an easily guessable password does not make it secure.” Additionally, Slain points out that attackers are quick to use common pop culture terms to break into accounts online, in case you thought you were the only Star Wars fan.
I think part of the problem is that people have heard the password mantra so many times that they have tuned it out. Instead, as time went by and users had to set up accounts on more and more sites and had to invent (and remember) more and more passwords, they just stopped caring.
Rather than lecture everyone on choosing secure passwords, it would be more productive to push them to use a secure password manager which will solve the issue for them without bothering anyone.
That way they will be more secure, and yet won’t have to put any work into it.
That’s the best of both words, don’t you think?
P.S. The top 25 most common passwords of 2017 were:
- 123456
- Password
- 12345678
- qwerty
- 12345
- 123456789
- letmein
- 1234567
- football
- iloveyou
- admin
- welcome
- monkey
- login
- abc123
- starwars
- 123123
- dragon
- passw0rd
- master
- hello
- freedom
- whatever
- qazwsx
- trustno1
image by Worlds Direction
Comments
BDR December 19, 2017 um 3:53 pm
It kinda depends upon what the password is for because there are a whole lot of sites that require one for no good reason and 'password' makes a reasonable choice for them.
Mackay Bell December 19, 2017 um 4:58 pm
Exactly, it is far more dangerous to use your real password (say to unlock your phone or computer) on an minor online site than to use "password." Never use your real password on some public forum or to create a new account somewhere. Yes, ideally you should have unique and complex passwords for every different situation, but the bigger issue is to keep your passwords secret for important things like banking and unlocking phones. So if you’re asked to create an account for "Zombie Fan Fiction Archive," just using "password" isn’t a big deal if you don’t share any personal or financial information.
Oh, and just so you know, I changed my password for ZFFA, so don’t try it.
Russell Phillips December 19, 2017 um 6:06 pm
I have a lot of accounts that I consider important. I’d be mortified if my email or social media account was used to post spam. Likewise with various forums, or my WordPress account.
Your mileage may vary, of course, but for me, a password manager is the only sensible solution.
Far Too Many People Are Still Using “Password” as a Password | The Passive Voice | A Lawyer's Thoughts on Authors, Self-Publishing and Traditional Publishing December 19, 2017 um 4:31 pm
[…] Link to the rest at The Digital Reader […]
Karl December 19, 2017 um 8:09 pm
My password for more picky/demanding sites is Atleastonecapitalletterand1digit.
Oh wait — should I not be saying that here?
President Skroob December 20, 2017 um 8:38 pm
1 2 3 4 5?
That’s amazing, I’ve got the same combination on my luggage.
Nate Hoffelder December 20, 2017 um 8:42 pm
Me, too!
Top Picks Thursday! For Writers and Readers 12-21-2017 | The Author Chronicles December 21, 2017 um 1:03 pm
[…] would have created difficult passwords for their accounts, but Nate Hoffelder reveals that far too many people are still using “password” as a password. If you’re still using one of the common ones he lists, change […]
Readers can’t Digest-Week 164 (20-Dec to 26-Dec) | December 25, 2017 um 4:32 pm
[…] 3. Far Too Many People Are Still Using “Password” as a Password […]