The worst online passwords: Did you make the list?

From your email account to your iPhone, it seems that everything requires a password nowadays. With the dozens (or hundreds!) of passwords that everyone is supposed to remember, it’s only natural that many people will take the lazy way out and pick an easy-to-remember password like, well, “password”!

It turns out that “password” was indeed the most commonly used password on the Internet, according to a report compiled by SplashData and posted by PC World. The company created the list by examining password dumps posted online by crackers, some from very notable attacks.

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

So what makes a secure password? Well, it should be a minimum of eight characters and should contain a mixture of upper and lower case letters, numbers, and symbols. The more characters, the harder it will be to break. You should also avoid using the same password on more than one site, although you can probably reuse passwords for websites that contain no personal information and that you don’t care about being compromised. Another tip: instead of using words, pick a phrase or song lyric and base your password on that. If you're a Dream Theater fan, for example, maybe you could use "pmu!IamNOTa" for "Pull me under, I am not afraid."

Another security concern to take into consideration is the fact that some installations of Windows store your password insecurely. This is because older versions of Windows use what is called a LAN Manager Hash, or LMHash for short, and this is an easy hash to break. You could have an ultra-secure 14-character password, but if Windows is not configured to ignore the LMHash it will be stored as two individual seven-character passwords in the system, making a break-in extremely easy. If you’re really paranoid, create a 15-character password because that will always avoid the LMHash vulnerability.

So how do you keep all of these passwords safe? While some may recommend an online password manager, by doing so you’re trusting that nobody on the Internet will be able to intercept your keys. Instead, rely on a desktop solution like TrueCrypt or Password Safe for your security needs.

It’s interesting to note that even a password that appears secure on the surface, such as “qazwsx”, is not safe, because cracking tools include keyboard patterns in their dictionaries as well.
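A screening check that combines the advice above, as an added example that is not part of the original article: it rejects the listed passwords, applies the eight-character and mixed-character rule, flags keyboard and alphabet sequences such as “qazwsx”, and marks passwords of 14 characters or fewer as exposed to LMHash storage where Windows still keeps it. The US QWERTY layout, the finding labels and the function names are assumptions made for the illustration.

```python
import re

# The 25 passwords from the SplashData list quoted in the article.
WORST = set("""password 123456 12345678 qwerty abc123 monkey 1234567 letmein
trustno1 dragon baseball 111111 iloveyou master sunshine ashley bailey passw0rd
shadow 123123 654321 superman qazwsx michael football""".split())

# Assumption: US QWERTY layout. Rows, the left-hand columns, and the alphabet.
SEQS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
        "abcdefghijklmnopqrstuvwxyz"]
SEQS += [s[::-1] for s in SEQS]  # walks typed in reverse, e.g. 654321


def is_sequence_pattern(pw, min_run=3):
    """True if pw is one repeated character or splits entirely into runs
    (each >= min_run long) taken from a keyboard row/column or the alphabet."""
    s = pw.lower()
    if len(s) < min_run:
        return False
    if len(set(s)) == 1:
        return True
    reach = [True] + [False] * len(s)  # reach[i]: s[:i] is fully covered by runs
    for end in range(min_run, len(s) + 1):
        reach[end] = any(reach[start] and any(s[start:end] in q for q in SEQS)
                         for start in range(end - min_run + 1))
    return reach[len(s)]


def screen(pw):
    """Return the list of findings for a candidate password (empty = passes)."""
    findings = []
    if pw.lower() in WORST:
        findings.append("on-worst-list")
    if len(pw) < 8:
        findings.append("shorter-than-8")
    if not all(re.search(c, pw) for c in ("[a-z]", "[A-Z]", "[0-9]", "[^A-Za-z0-9]")):
        findings.append("missing-character-class")
    if is_sequence_pattern(pw):
        findings.append("sequence-pattern")
    if len(pw) <= 14:  # 15+ characters always avoids LM hash storage, per the article
        findings.append("lm-hash-if-enabled")
    return findings


if __name__ == "__main__":
    # "qazwsx" is from the article; the other two samples are constructed.
    for sample in ["qazwsx", "1qaz2wsx", "Tr4verse!Orbit-Lamp"]:
        print(sample, screen(sample))
```

The segmentation is done with a reachability table rather than greedily, so a password built from several short walks is still caught when the longest first run would leave an unmatched tail.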

Image Courtesy of Twitip.com

Poll

Have you ever used one of these passwords?


80 Comments


All 3 passwords I've used in the past are pretty easy common English things. Paypal actually forces you to use a strong password and on Paypal I have a variation of one of those 3 using a capital letter, a number and a symbol in between the password. Example: if my easy password was "google" (it isn't, I invite you to try) my Paypal is something like

"gOoGl9!e"

I consider it moronic (unless it is top secret or governmental) to use a 16 alpha-numeric character long password consisting of upper/lower case, numbers and symbols. It is hard to remember and nothing that you have is that important.

I have used welcome before when setting up profiles.

I also use password1 when I am signing up to a site I don't really want a long membership to.

My passwords now? Some are very simple, some not so but according to howsecureismypassword.net it would take 600 years to hack my most secure, but just my least secure says "Common Password: In The Top 3,600 Most Used Passwords. Your password is very commonly used. It would be hacked almost instantly.". Meh.

Mr Spoon said,
I have used welcome before when setting up profiles.

I also use password1 when I am signing up to a site I don't really want a long membership to.
My passwords now? Some are very simple, some not so but according to howsecureismypassword.net it would take 600 years to hack my most secure, but just my least secure says "Common Password: In The Top 3,600 Most Used Passwords. Your password is very commonly used. It would be hacked almost instantly.". Meh.

just 600yrs try this

It would take a desktop PC
About 5 million years
to hack your password

same Pword I use everywhere I go

I use the same password at every site with a simple variation of the last letter(s) or number(s) being different according to what site I'm on.

Nothing I'm really TOO worried about anyway. I guess if the site that gets hacked gives up my password, it must not have been a very secure site anyway. Actually just had that happen a few months ago when dslreports.com got passwords hacked. Had to change my password there then. First time ever!!

Nope,
My password isn't on that list either and I've NEVER used a single one of those. Don't know anyone who has either.

tuckeratlarge said,
I was asked, at work, recently for a password with eight characters.

So I chose "Snow White and the Seven Dwarfs"

Ha, funny!
But you forgot the evil witch and the prince!

President Skroob: [enters after the interrogation of King Roland] "Well? Did it work? Where's the king?"
Dark Helmet: "It worked, sir. We have the combination."
President Skroob: "Great. Now we can take every last breath of fresh air from planet Druidia. What's the combination?"
Dark Helmet: "1 2 3 4 5."
President Skroob: "1 2 3 4 5? That's amazing! I've got the same combination on my luggage! Prepare Spaceball 1 for immediate departure!"
Dark Helmet: "Yes, sir!"
President Skroob: "And change the combination on my luggage!"

ShiFteDReaLitY said,
Just doing some random passwords on http://howsecureismypassword.net/ apparently the password abcdefghijklmnopqrstuvwxyz is pretty secure.. not sure if just because it's a long password or what but just found it funny... and my lowest password to hack according to that site is 768 years

"i can't remember" would take 35 billion years to hack.

Yea, that site is not too accurate. It may only be 1 type of algorithm it's using to brute force passwords. Rainbow Tables will crack through a good deal of passwords very fast.

A lot of people here seem to comment only to tell everyone how secure their passwords are..

Also, I'm amazed there hasn't been a single reference to hunter2 so far...

wx4VStaC8eOMYOurLpqt6Y6FOL6Froz20uLeDPk20XirpcfPJ0EOXNMobQR46lI6TSvxD69JSMABhAsTeDMxEULbEIq8aTjt5CDC

^My usual type of password, but can vary ^

xpclient said,
Those 10% who click "Yes" must be having a very low IQ. They should give up computing and stop coming to Neowin.

The question does say "ever." I'll fully admit that I used one of them in the past. Granted it was in the BBS days in the 80s when I was a kid, but I've used one.
