Worst passwords of 2013 include a new top no-no

The Right Click

It seems that every year, despite warnings from security experts, we see people getting their account hacked or taken over because of easy-to-crack passwords. Just like setting the PIN number on your debit card to “0000” is a terrible idea, so is using an easy, largely impersonal password.

Security firm SplashData has released its annual list of the worst passwords to have, based on them being the most popularly-used passwords. The firm takes stolen passwords that have been posted online over the course of the year, and assembles a list of the 25 most frequently appearing passwords.

[ More Right Click: Last year’s top 25 worst passwords ]

This year’s results are somewhat skewed, PC World explains, on account of the massive data breach of Adobe login information in October 2013. The rise in popularity of “123456,” this year’s new most-common password, could be at least somewhat attributed to almost 100 million of the Adobe accounts being test accounts or inactive, which may skew its frequency of use.

You can also see evidence of the Adobe hack in other new list items, namely “photoshop” and “adobe123.” The lesson from those? Don’t use the name of the application you’re using in your password, if you want your account to be secure.

Here’s this year’s worst passwords list:

1. 123456 (up 1) 2. password (down 1) 3. 12345678 (unchanged) 4. qwerty (up 1) 5. abc123 (down 1)
6. 123456789 (new) 7. 111111 (up 2) 8. 123457 (up 5) 9. iloveyou (up 2) 10. adobe123 (new)
11. 123123 (up 5) 12. admin (new) 13. 1234567890 (new) 14. letmein (down 7) 15. photoshop (new)
16. 1234 (new) 17. monkey (down 11) 18. shadow (unchanged) 19. sunshine (down 5) 20. 12345 (new)
21. password1 (up 4) 22. princess (new) 23. azerty (new) 24. trustno1 (down 12) 25. 000000 (new)

[ Related: Find out how much your email is worth to a hacker ]

Interesting omissions from this year’s list include some perennial favourites including “dragon,” “ashley” and “baseball,” while other passwords, like “jesus,” “ninja” and “welcome” all spent only a single year on the list before dropping off the top 25 again.

SplashData offers up some tips for creating a more secure password, particularly if yours showed up anywhere on this list:

  1. Create passwords of at least eight characters or more, combining different types of characters
  2. Avoid using the same password for multiple websites
  3. If you need help keeping track of passwords, use a password management application or the built-in software in your operating system
  4. Consider using passphrases instead of passwords: Combine a sequence of random words you’ll remember rather than a common phrase

Need to know what’s hot in tech? Follow @YRightClick on Twitter!