Neobytes :) The winners are announced for worst passwords of 2013

2013 has been over with for a few weeks now. Generally this is the time when we all look back to reflect on the year and make improvements for the new one. Well that concept certainly rings true for some unfortunate victims of online hacking. They really need to get the creative juices flowing to come up with some better passwords.

SplashData formed a list of the 25 worst passwords used in 2013, generated by a variety of hacked accounts. The previous year's winner (or loser, depending on the way you look at it) was "password" but for 2013 it lost its top rank to the newly preferred "123456."

There are quite a few entertaining password choices on the list though. Coming in at number 17 is "monkey" and my personal favorite at number 24 is "trustno1." I'd love to know what goes through the mind of the person when they have to type that password into an account they aren't authorized to use. Some new entrants for 2013's list include "12345" and "1234" — both of which were presumably conjured up by true visionaries in the making. Adobe-related passwords were a new trend as well.

"Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” said SplashData CEO Morgan Slain.

In all seriousness folks, if you want to keep your accounts and personal information safe online, the more complex the password the better. It might be harder to remember, but it will pay off in the long run.

Source: Re/code | Password in binary code image via Shutterstock

Report a problem with article
Previous Story

Report: Ballmer likely to resign from Microsoft board when new CEO announced

Next Story

Leaked images show Samsung Galaxy S5 might have a redesigned UI

32 Comments

Commenting is disabled on this article.

My password is cheesedoodlesarefantasticforeatingwhenyou'renotreallyhungrybutstillneedsomethingtoeat1234gggg...


I figure if they want to take the time to break it. Have it.

I use a similar password for my 'i don't care' and 'it don't matter' accounts. Sometimes people have thought about the use of these obvious passwords and they have decided that these passwords meet their needs.

I'm playing around with passphrases rather than passwords, with some of my usual character substitutions. Inspired by the XKCD cartoon. "Bit__y little grey c@t" should be harder to brute force than "Chara1"

i use handmade program that transform site name & user name into pseudo-randomizer seeds,
which then output some complex & lengthy pseudorandom passwords.

so i'll have:
- consistent complex passwords unique to site & username,
- without the need to remember those complex passwords
- theres no need to store said passwords anywhere be it local or in (insecure) cloud.
- if there ever breach to the site security, and because of it my password became known, such password can't be used for my other account in other sites.

Torolol said,
i use handmade program that transform site name & user name into pseudo-randomizer seeds,
which then output some complex & lengthy pseudorandom passwords.

so i'll have:
- consistent complex passwords unique to site & username,
- without the need to remember those complex passwords
- theres no need to store said passwords anywhere be it local or in (insecure) cloud.
- if there ever breach to the site security, and because of it my password became known, such password can't be used for my other account in other sites.


What happens with sites that require new passwords periodically? You have to change your User Name first?

M_Lyons10 said,

What happens with sites that require new passwords periodically? You have to change your User Name first?

i did encounter such sites,
in most case such sites usually wont accept new password change, if the new one was identical with the old one.
So i change the password in to a new one, after confirmed successful change
i change the password again, back into the old one.

I think this "use better password" thing is blown way out of proportion.
Look at the Adobe account stuff: The only thing you probably ever used your Adobe account for was to download a Trial of their software.
I will certainly use a crappy password for that account. It would be a waste of a good password if I put any thought in that.

If I ever intend to upgrade to the Creative Cloud and want to buy something with that account, the first thing then should certainly be to "upgrade" the account to a secure password.

dodgetigger said,
I think this "use better password" thing is blown way out of proportion.
Look at the Adobe account stuff: The only thing you probably ever used your Adobe account for was to download a Trial of their software.
I will certainly use a crappy password for that account. It would be a waste of a good password if I put any thought in that.

If I ever intend to upgrade to the Creative Cloud and want to buy something with that account, the first thing then should certainly be to "upgrade" the account to a secure password.


The problem is that the average person doesn't use multiple passwords...

Hello,

My personal opinion that you should recommend everyone to use a upper letter, lower letter, number and symbol (Ab1!) but at the end of the day everyone should choose what they want. For work, I use a pretty secure password but for home? I dont care much.

riahc3 said,
Hello,

My personal opinion that you should recommend everyone to use a upper letter, lower letter, number and symbol (Ab1!) but at the end of the day everyone should choose what they want. For work, I use a pretty secure password but for home? I dont care much.

why? Please don't. Unless a Site dealing with personal/financial or critical info, don't put this. I hate to remember every password and I hate anything that helps in remembering. Happy with "12345" for general communities.

btw, any thing happens from my account, is responsibility of me. So it's fine with me.

No surprise at this.
I still get sites to patch up after an attack that had User and Pass as the login details. No matter how non-tech you may be, you've got to see this is a bad idea.

Grunt said,
xkcd on passwords: http://xkcd.com/936

I use a word gen plugin for keepass to give me similar passwords loosely based on this.


You should give LastPass a look, browser plugin that will detect authentication boxes and if logged in will past the details in (user and pass) it also has a pass generator if it doesn't already have details and detects a sign up form.

I can just advice everyone to manage a password database(http://www.keepass.info). It is not that hard to use and some browser even have good plugins for it(Chrome and Firefox). This way you can have a unique password for every service you use. The past 2-4 Years showed that you cant rely on one password for all services.

-adrian- said,
I can just advice everyone to manage a password database(http://www.keepass.info). It is not that hard to use and some browser even have good plugins for it(Chrome and Firefox). This way you can have a unique password for every service you use. The past 2-4 Years showed that you cant rely on one password for all services.

I used keepass too but it's a local solution, I bougth a 2 year subscriptiion with kaspersky pure (99$ for 3 PCs a good deal IMO) and includes a very good password manager with browser integration... It syncs passwords with my laptops but not on mobile devices maybe they Will launch mobile apps in the future but I assume that the mobile ecosistem is very insecure

WinRT said,

I used keepass too but it's a local solution, I bougth a 2 year subscriptiion with kaspersky pure (99$ for 3 PCs a good deal IMO) and includes a very good password manager with browser integration... It syncs passwords with my laptops but not on mobile devices maybe they Will launch mobile apps in the future but I assume that the mobile ecosistem is very insecure

I use KeePass, my database is stored on my SkyDrive storage which works seamlessly with my Surface Pro 2 and Lumia 1020.

It has come to my attention that Yahoo will accept any other short worded password except "password". It seems it is indeed very common.