Top 25 Passwords from 2013: 123456 reigns supreme

2013 crowned a new champion for the #1 password, based on passwords collected from data breaches.  The top password for 2012 was ‘password,’ but in 2013 ‘123456’ reigns supreme.

SplashData, a security firm, releases its findings each year on the top passwords discovered in breaches.  This year, due to the size of the Adobe breach, you’ll see some Adobe passwords make the list.

  1. 123456 (+1)
  2. password (-1)
  3. 12345678 (0)
  4. qwerty (+1)
  5. abc123 (-1)
  6. 123456789
  7. 111111 (+2)
  8. 1234567 (+5)
  9. iloveyou (+2)
  10. adobe123
  11. 123123 (+5)
  12. admin
  13. 1234567890
  14. letmein (-7)
  15. photoshop
  16. 1234
  17. monkey (-11)
  18. shadow
  19. sunshine (-5)
  20. 12345
  21. password1 (+4)
  22. princess
  23. azerty
  24. trustno1 (-12)
  25. 000000

So what can you glean from this?  First, if your password is in this list, change it immediately.  It is literally one of the first passwords someone will try if you are targeted.  Second, it shows why users should not put the name of the application they are protecting in their passwords, nor use easy-to-remember letter and number combinations.

Securit360 recommends using a password manager to store complex and unique passwords for as many situations as you can.  Where you can’t use a password manager, we recommend using passphrases made up of letters, numbers and symbols.  The longer the word the better, preferably 10 or more characters.  If you have to choose between long and complex, choose long.  Don’t use common words or phrases, and don’t be predictable.  Don’t share passwords among accounts; find a way to make a unique password for each account.  Don’t use real information in your security questions, but if you do, use a phrase and not just a single word.  Turn on two-factor authentication if it is available.
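For teams that set password policy, the advice above can be enforced when a password is chosen. The following is an added example, not code from SplashData or Securit360: it rejects candidates that appear on the 2013 list, contain the name of the protected application, fall under 10 characters, or are simple sequences. The function names, rejection codes and the set of sequences are assumptions made for illustration.

```python
import re

# The 25 entries from the list above (SplashData's 2013 ranking).
TOP_25_2013 = frozenset("""
123456 password 12345678 qwerty abc123 123456789 111111 1234567 iloveyou
adobe123 123123 admin 1234567890 letmein photoshop 1234 monkey shadow
sunshine 12345 password1 princess azerty trustno1 000000
""".split())

MIN_LENGTH = 10  # the article's "preferably 10 or more characters"

# Assumption: a small set of digit, alphabet and keyboard-row sequences.
SEQUENCES = ("1234567890", "0123456789", "abcdefghijklmnopqrstuvwxyz",
             "qwertyuiop", "azertyuiop")


def is_sequence(text):
    """True for one repeated character or a slice of a known sequence."""
    if len(text) < 3:
        return False
    if len(set(text)) == 1:
        return True
    return any(text in seq or text in seq[::-1] for seq in SEQUENCES)


def check_password(candidate, app_names=()):
    """Return rejection codes for a proposed password; [] means accepted."""
    reasons = []
    lowered = candidate.casefold()
    # Drop trailing digits and symbols so "Password1!" is treated as "password".
    core = re.sub(r"[\d\W_]+$", "", lowered)
    if lowered in TOP_25_2013 or core in TOP_25_2013:
        reasons.append("top25")
    if any(name and name.casefold() in lowered for name in app_names):
        reasons.append("app_name")
    if len(candidate) < MIN_LENGTH:
        reasons.append("too_short")
    if is_sequence(lowered):
        reasons.append("sequence")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; "Adobe" stands in for the protected application.
    for pw in ("123456", "Password1!", "adobe123", "correct horse battery staple"):
        print(f"{pw!r}: {check_password(pw, app_names=('Adobe',)) or 'accepted'}")
```

A production check would compare against a much larger breached-password corpus; the 25 entries here only mirror the list in this post.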