The worst passwords of 2014 – and what we can learn from them

2014 was the year of the leaky, hacked, unsecure internet – the year we all came face to face with the fact that our details aren’t safe. And that harsh lesson really didn’t sink in. Most hacking is done through old-fashioned channels like email fraud, but when passwords are leaked, it often turns out there was no need, to judge by some of these.

Password management firm SplashData released its list of last year’s worst passwords,and they’re exactly as bad as you can imagine. The company got its data by analysing the 3 million or so passwords that were leaked last year, and arranged them in league order of most to least common. Of course, the more common your password the easier it is to guess – but when it’s both really common and really weak, it makes you wonder why hackers bother to steal it when they could just guess.

The top 5 offenders

These are the 5 most common leaked passwords of 2014:

1: 123456
2: password
3: 12345
4: 12345678
5: qwerty

Yes, seriously.

Lessons to learn

First, never ask IT why your password has to be 14 characters long!
Second, look at what these characters did and do the opposite to create a strong password.

These passwords all display a total lack of thought. Faced with a decision – which password? – these people tapped a few keys without thinking it through at all. So, consider: any keys that are already next to each other on the keyboard are a bad choice, so is a long numerical sequence like ‘1234.’ And ‘password’? Also not good.

Widen the net: your name? Out. Your company’s name? Also a bad choice. And if you live in LA, ‘Lakers’ isn’t too great either. What unites these bad choices is that they’re easy to guess if someone knows one other thing about you. For the same reason, your partner or children’s names aren’t good choices.

Creating a strong password

Strong passwords are strong because they’re really hard to guess. Using things like the letter ‘3’ for ‘e’ or the number ‘4’ for the word ‘for’ are now predictable. Instead use a password using unconnected words with symbols, caps and numbers scattered throughout. It’s also a good idea to have a different password for each account: having the same keys for car, garage, house and office obviously spells trouble, and the same logic applies here.

Are your employees using strong passwords? Waypoint can assess your IT needs and provide expert solutions to help you keep your business and data more secure.


Posted on: 03.11.15