The 25 worst passwords of 2013: 'password' gets dethroned

The new champion on security firm Splashdata's list isn't much better, though

"123456" is finally getting some time in the spotlight as the world's worst password, after spending years in the shadow of "password."

Security firm Splashdata, which every year compiles a list of the most common stolen passwords, found that "123456" moved into the number one slot in 2013. Previously, "password" had dominated the rankings.

[ Learn how to secure your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

The change in leadership is largely thanks to Adobe, whose major security breach in October affected upwards of 48 million users. A list of passwords from the Adobe breach had "123456" on top, followed by "123456789" and "password." The magnitude of the breach had a major impact on Splashdata's results, explaining why "photoshop" and "adobe123" worked their way onto this year's list.

Fans of "password" could reasonably petition for an asterisk, however, given that the stolen Adobe passwords included close to 100 million test accounts and inactive accounts. Counting those passwords on the list is kind of like setting a home run record during batting practice. Don't be surprised if "password" regains the throne in 2014.

Weaker passwords are more susceptible to brute-force attacks, where hackers attempt to access accounts through rapid guessing. And when encrypted passwords are stolen, weaker ones are the first to fall to increasingly sophisticated cracking software.

As always, Splashdata suggests avoiding common words and phrases, and says that replacing letters with similar-looking numbers (such as "3" instead of "E) is not an effective strategy. Instead, consider using phrases of random words separated by spaces or underscores, and using different passwords, at least for your most sensitive accounts. Password management programs such as LastPass, KeePass and Splashdata's own SplashID can also help, as you only have to remember a single master password.

Here's the full list of worst passwords from 2013, according to Splashdata:

1. 123456

2. password

3. 12345678

4. qwerty

5. abc123

6. 123456789

7. 111111

8. 1234567

9. iloveyou

10. adobe123

11. 123123

12. admin

13. 1234567890

14. letmein

15. photoshop

16. 1234

17. monkey

18. shadow

19. sunshine

20. 12345

21. password1

22. princess

23. azerty

24. trustno1

25. 000000

This story, "The 25 worst passwords of 2013: 'password' gets dethroned" was originally published by PCWorld.

From CIO: 8 Free Online Courses to Grow Your Tech Skills
Join the discussion
Be the first to comment on this article. Our Commenting Policies