The Top 25 Worst Passwords of 2014 is here; '123456' still top

Posted Jan 20, 2015 by James Walker
SplashData has released its updated list of the Top 25 Worst Passwords for 2014, continuing the new tradition since 2011. As might be expected, "123456" still tops the chart, followed in second place by the decidedly simple "password."
A password screen on WindowsXP home page
The top five worst passwords of 2014, shamed once more and still used by hundreds of thousands each day, are "123456," "password," "12345," "12345678" and "qwerty," all of which share a common lack of inspiration. It isn't by coincidence that the world's worst password happens to be the top row of the keyboard.
"Password" lost first place to "123456" in 2013, meaning that "123456" is now continuing its stint at the top for a second time. Last year, the top five comprised "123456," "password," "12345678," "qwerty" and "abc123." In 2012, "password" was top and "123456" second.
SplashData publishes the list in order to encourage wider adoption of stronger passwords, although it would appear that it is somewhat failing in this mission. A strong password should be at least 8 characters in length — but longer is always better — and should include a mixture of lowercase and uppercase characters, numbers and other punctuation symbols. Ideally, a different password should be used with every service so that if one is breached, the attackers only have access to your data on that service.
The 2014 list continues to include "dragon" at number 9, "football" at 10 and "monkey" at 12. In 13th place is the venerable "letmein", followed by "abc123" which has dropped eight places since last year. In 15th place is "111111". Towards the bottom of the list, "696969" takes 22nd, "123123123" 23rd, "batman" 24th and, the last to be named and shamed, "trustno1" makes it in at 25th.
If you struggle to remember long or complex passwords, you should take a look at password management software. You will only need to remember one "master" key to unlock the software, which will securely store the passwords you use on other services for you. Alternatively, try jumbling up a phrase that only has meaning to you, replacing phonetic sounds with numbers or other characters to add some variety. This will fend off brute force or dictionary attacks, where software tries all the words in a dictionary as passwords to gain access to an account.
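As an added example (not from the article or from SplashData), here is how a sign-up form could apply the rules described above: the length and character-mix guidance, plus a check against the passwords the article names. The function names, the substitution table and the suffix stripping are assumptions made for this sketch, and the blocklist holds only the 15 entries the article spells out.

```python
import string

# Passwords named in the article (only those it spells out, not all 25).
NAMED_WORST = [
    "123456", "password", "12345", "12345678", "qwerty", "dragon",
    "football", "monkey", "letmein", "abc123", "111111", "696969",
    "123123123", "batman", "trustno1",
]

# Assumed table for undoing common character swaps (0 -> o, @ -> a, ...).
DELEET = str.maketrans("0134578@$!", "oieastbasi")


def normalize(text):
    """Lowercase the text and undo common character substitutions."""
    return text.lower().translate(DELEET)


# Normalise the blocklist the same way so both sides compare like for like.
BLOCKED = {normalize(p) for p in NAMED_WORST}


def screen_password(candidate):
    """Return the reasons to reject a candidate; an empty list means accept."""
    reasons = []
    if len(candidate) < 8:
        reasons.append("shorter than 8 characters")
    classes = {
        "lowercase": string.ascii_lowercase,
        "uppercase": string.ascii_uppercase,
        "digit": string.digits,
        "symbol": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in candidate):
            reasons.append("no " + name + " character")
    # Check the whole candidate and its stem (trailing digits and symbols
    # removed), so "P@ssw0rd1!" is still recognised as "password".
    stem = candidate.rstrip(string.digits + string.punctuation)
    forms = {normalize(candidate)}
    if stem:
        forms.add(normalize(stem))
    if forms & BLOCKED:
        reasons.append("variant of a listed worst password")
    return reasons
```

"P@ssw0rd1!" satisfies every length and character-mix rule yet is still rejected, because a dictionary attack that applies the same substitutions would reach it as quickly as "password" itself.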
SplashData's latest list shows that the majority of us are still as lazy as ever when it comes to taking our digital security seriously. The list highlights how little a password means to people if they are prepared to club together with thousands of others and type only the first few characters on their keyboard. If you use "123456", "password" or anything else in the list, it is advisable to change it to something more secure so that your data has more protection against the various internet nasties around.