These Are The 25 Worst Passwords Of 2015

Discussion in 'Current Events' started by jasetaro, Jan 19, 2016.

  1. jasetaro

    jasetaro Administrator
    Staff Member

    May 20, 2011
    Likes Received:
    From Networkworld:

    Look on the bright side! There’s one good thing that comes out of all those website breaches every year: Security researchers get to comb through all those lists of usernames and passwords to remind us just how bad most of our passwords are. Now that we’re well into 2016, password management company SplashData just released its annual round-up of the worst passwords of 2015.

    The report is based on more than 2 million passwords that leaked online during the year. One trend the company found in 2015 is that while users are coming up with longer passwords (that’s good), they are simple and not random (that’s bad). Two examples the company points to are ‘1234567890’ and ‘qwertyuiop’. One just uses every number key and the other uses the top row of keys on a standard QWERTY keyboard.

    The more common password faux pas remain including basic numerical passwords and sports terms. Star Wars: The Force Awakens was big news in 2015, and it appears quite a few people went with Star Wars-themed passwords such as ‘starwars,’ ‘solo,’ and ‘princess.’

    Star Wars fans may be Jedis in other areas, but when it comes to passwords they’re still Padawans.

    Here’s Splashdata's complete list of the 25 worst passwords for 2015, with their ranking from 2014 in brackets:

    1. 123456 (Unchanged)
    2. password (Unchanged)
    3. 12345678 (Up 1)
    4. qwerty (Up 1)
    5. 12345 (Down 2)
    More @

    :facepalm: Wow, just wow...Here's some good advice on creating a strong password:

  2. dragonbite

    dragonbite Well-Known Member

    Aug 30, 2008
    Likes Received:
    If it is for a system that I don't have to type in the password (such as a database login that a website is going to use) then I'll use a strong password generator (12-16 characters) and use that. Save it in the website or config file and once in a document holding all of the details for a project.

    If it is one I have to enter in myself,... I have my own methods.

    One thing to click the "forgot my password" link see how they handle it. If they can send you your password, dump the service ASAP because it means it is store as plain text somewhere (and if it is saved on a computer, it can be leaked)! Any site worth their salt in this day-and-age will send you a link to reset your password or give you a temporary password as they do not have access to your actual password in a means it can be used!

Share This Page