In our line of defense against hackers, our passwords may be the first – or last – hurdle between malicious cybercriminals and our most sensitive information. Unique, complex logins should be used to protect our emails, social networks, bank accounts, shopping transactions and more. It is important to take great care crafting these passwords; however, the majority of Americans do not.
Each January, password management firm SplashData compiles and shares a list of the worst logins from the year prior. In 2015, the firm examined more than two million passwords that were leaked and breached.
Holding fast at first and second place are “123456” and “password,” respectively. Both passwords have topped SplashData’s list for the past five years. In addition to thoughtless, keyboard-lazy passwords (like “111111” and “qwerty”), sports and pop culture references were also overused. “Football” was number seven on SplashData’s list, with “baseball” close behind at number 10. The Force also had a hand in some of the worst passwords of 2015, driving “princess,” “solo,” and “starwars” up the Top 25 list.
“As we see on the list, using common sports and pop culture terms is also a bad idea,” said Morgan Slain, CEO of SplashData. “We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”
If your password(s) appear on this list, make a resolution to change them right now.
For the strongest passwords:
- Make sure your combinations are at least 12 characters long, and are a cryptic combination of letters and numbers.
- Take care to avoid your name, birthday, or pet’s name.
- Create a unique password for each site.
- Change your passwords a few times a year, and especially after being notified after a breach.
- Implement two-factor authentication for sites whenever possible.