The Inquirer-Home

'123456' is dubbed 2013’s worst password

Worse than 2012’s password 'password'
Tue Jan 21 2014, 11:02

PASSWORD MANAGEMENT SOFTWARE OUTFIT Splashdata has published a list of the worst passwords entered by users over the last 12 months.

The firm has a keen interest in passwords and has compiled its list of wet paper bag protection by looking at the leaks that followed hacking attacks on firms like Adobe.

"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," said Splashdata CEO Morgan Slain.


"Another interesting aspect of this year's list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies."

The string "123456" moved up a place this year, displacing "password" from the top position. The string "password" dropped into second place, and the rest of the top five are "12345678", which held steady in third place, "qwerty", which is fourth, and UK government favourite "abc123", which is fifth. The latter two switched places last year.

Yesterday we learned that "abc123" is considered an adequate password by the UK government for people who can see the point in security but are reluctant to put too much work into it.

"We use the analogy that 'if you haven't got a lock on your door, any lock is better than no lock'," said Tony Neate, the head of the UK government's Get Safe Online campaign.

"But if you are going to put a lock on your door, the best one to put on is a five-lever [mortice] lock. It's the same analogy. I would recommend anyone to have a good, solid password. But if they haven't got a password then 'abc123' is a starting point. I'm not suggesting people should have 'abc123'. But something is better than nothing, and I'm very pragmatic when it comes to passwords."

Going by the Splashdata figures "abc123" is a frankly pointless password to have. You would presumably be better off having a password created by the letter mash that would result from you hitting your forehead against a keyboard. You might not be able to remember it, but it is much less likely to be cracked.

Splashdata said that best practice is passwords of eight characters or more with mixed types of characters. µ
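The sketch below is an added example, not code from Splashdata or the article. It shows why the length-and-mixed-characters rule on its own still accepts "adobe123", and how a listed-password check plus a site-name check closes that gap. Reading "mixed types" as at least two character classes, the function names, and the final sample passwords are assumptions made for illustration.

```python
# Passwords named in this article (from Splashdata's 2013 list as quoted here).
LISTED = {"123456", "password", "12345678", "qwerty", "abc123",
          "adobe123", "photoshop"}

MIN_LENGTH = 8    # "eight characters or more"
MIN_CLASSES = 2   # assumption: "mixed types" means at least two classes


def char_classes(pw):
    """Count the character types present: lower, upper, digit, other."""
    tests = (str.islower, str.isupper, str.isdigit,
             lambda c: not c.isalnum())
    return sum(any(t(c) for c in pw) for t in tests)


def composition_ok(pw):
    """The length and mixed-character rule alone."""
    return len(pw) >= MIN_LENGTH and char_classes(pw) >= MIN_CLASSES


def check_password(pw, context_words):
    """Return the reasons to reject pw; an empty list means accepted.

    context_words holds the site or application names the password
    must not be built on (hypothetical parameter).
    """
    reasons = []
    lowered = pw.lower()
    if len(pw) < MIN_LENGTH:
        reasons.append("too_short")
    if char_classes(pw) < MIN_CLASSES:
        reasons.append("single_character_type")
    if lowered in LISTED:
        reasons.append("listed_common_password")
    if any(w.lower() in lowered for w in context_words):
        reasons.append("contains_site_or_app_name")
    return reasons


if __name__ == "__main__":
    site = ["adobe", "photoshop"]
    # The last two entries are constructed samples, not from the article.
    for pw in ["123456", "12345678", "abc123", "adobe123",
               "MyAdobe#2014", "tram-Lantern-42-quiet"]:
        print(f"{pw!r:26} composition_ok={composition_ok(pw)!s:5} "
              f"reject={check_password(pw, site)}")
```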

