The worst online passwords: Did you make the list?

From your email account to your iPhone, it seems that everything requires a password nowadays. With the dozens (or hundreds!) of passwords that everyone is supposed to remember, it’s only natural that many people will take the lazy way out and pick an easy to remember password like, well password!

It turns out that “password” was indeed the most commonly used password on the internet according to a report compiled by SplashData and posted by PC World. The company created the list by examining password dumps posted online by crackers, some from very notable attacks.

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

So what makes a secure password? Well, it should be a minimum of eight characters and should contain a mixture of upper and lower case letters, numbers, and symbols. The more characters, the harder it will be to break. You should also avoid using the same password on more than one site, although you can probably reuse passwords for websites that contain no personal information and that you don’t care about being compromised. Another tip is instead of using words, pick a phrase or song lyric and base your password on that. If you're a Dream Theater fan, for example, maybe you could use "pmu!IamNOTa" for "Pull me under, I am not afraid."

Another security concern to take into consideration is the fact that some installations of Windows store your password insecurely. This is because older versions of Windows use what is called a LAN Manager Hash, or LMHash for short, and this is an easy hash to break. You could have an ultra-secure 14-character password, but if Windows is not configured to ignore the LMHash it will be stored as two individual seven-character passwords in the system, making a break-in extremely easy. If you’re really paranoid, create a 15-character password because that will always avoid the LMHash vulnerability.

So how do you keep all of these passwords safe? While some may recommend an online password manager, by doing so you’re trusting that nobody on the Internet will be able to intercept your keys. Instead, rely on a desktop solution like TrueCrypt or Password Safe for your security needs.

It’s interesting to note that even a password that appears secure on the surface, such as “qazwsx” is not safe because cracking tools use keyboard patterns in their dictionary as well.

Image Courtesy of


Have you ever used one of these passwords?

Report a problem with article
Next Article

AT&T raises iPhone 3GS price to $0.99

Previous Article

Nintendo on DLC: games should be "a complete experience"

80 Comments - Add comment