Top 25 Worst Passwords of 2018 According to SplashData

By Bill Toulas / December 15, 2018

Passwords in the form of written characters remain the primary means of authentication, and no matter how many times people are urged to adopt something that is considered “strong”, many still opt for passwords that are easy to remember and use.

According to the SplashData annual report for 2018, “bad habits die hard” as users continue to use weak, predictable, and easily guessable passwords that make the lives of hackers easier. The latter can simply try out names that are currently popular in the news, and the chances of getting access to the private accounts of unsuspecting users are high. But celebrity names only scratch the surface of the problem, as the same weak passwords that topped last year’s list are making a comeback in 2018 as well.

In first place, for the fifth consecutive year, is “123456”, which can safely be considered the equivalent of not having a password at all. In second place comes the almost ironic “password”, which is like trying to hide something by exhibiting it in the open. In the next couple of places, we see variations that incrementally extend the same numerical series, followed further down by the eternal “qwerty”, the good old but always worthy “!@#$%^”, and the new entry “donald”. Check out the top 25 below:

  1. 123456 (Rank unchanged from last year)
  2. password (Unchanged)
  3. 123456789 (Up 3)
  4. 12345678 (Down 1)
  5. 12345 (Unchanged)
  6. 111111 (New)
  7. 1234567 (Up 1)
  8. sunshine (New)
  9. qwerty (Down 5)
  10. iloveyou (Unchanged)
  11. princess (New)
  12. admin (Down 1)
  13. welcome (Down 1)
  14. 666666 (New)
  15. abc123 (Unchanged)
  16. football (Down 7)
  17. 123123 (Unchanged)
  18. monkey (Down 5)
  19. 654321 (New)
  20. !@#$%^&* (New)
  21. charlie (New)
  22. aa123456 (New)
  23. donald (New)
  24. password1 (New)
  25. qwerty123 (New)

The data is somewhat biased, though, as it does not reflect the “most used” passwords overall but the most used passwords among those that were compromised. SplashData evaluates a set of five million leaked passwords, excluding those that leaked from adult websites. As the report states in its summary: “Our hope by publishing this list each year is to convince people to take steps to protect themselves online. It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”

SplashData’s advice to users who want to protect themselves from hackers is to use passphrases that consist of twelve characters or more, use a different password on each platform, and use a password manager to handle the process securely and comfortably. The truth, though, is that reports and advice like the above are unlikely to change the situation, so the 2019 list will almost certainly feature exactly the same passwords. The only way to increase password strength and security for all users will be to replace written character-based passwords with biometric authentication technologies.
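A signup or password-change form can enforce the list and the twelve-character advice above at the point where a password is chosen. The following is an added example, not code from SplashData or this article; the function names and the sequence, repetition and suffix heuristics are assumptions that go beyond the 25 listed entries to catch their obvious variants.

```python
import re

# The 25 entries from the SplashData 2018 list above.
WORST_2018 = {
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
    "welcome", "666666", "abc123", "football", "123123", "monkey",
    "654321", "!@#$%^&*", "charlie", "aa123456", "donald", "password1",
    "qwerty123",
}
MIN_LENGTH = 12  # SplashData's advice: twelve characters or more

# Digit runs, keyboard rows and the alphabet that listed entries are cut from.
SEQUENCES = ("0123456789" * 2, "qwertyuiop", "asdfghjkl", "zxcvbnm",
             "!@#$%^&*()", "abcdefghijklmnopqrstuvwxyz")


def is_sequence(s):
    """True if s is a forward or reversed slice of a known sequence."""
    return len(s) >= 4 and any(s in seq or s[::-1] in seq for seq in SEQUENCES)


def is_repetition(s):
    """True if s is one short unit repeated, e.g. 111111 or 123123."""
    return re.fullmatch(r"(.{1,4})\1+", s) is not None


def reject_reason(candidate):
    """Return why a new password is refused, or None if it is accepted."""
    pw = candidate.lower()  # "Password" is no better than "password"
    if pw in WORST_2018:
        return "on the 2018 worst-passwords list"
    if len(candidate) < MIN_LENGTH:
        return "shorter than 12 characters"
    if is_sequence(pw) or is_repetition(pw):
        return "keyboard sequence or repeated pattern"
    # Strip trailing digits/symbols: padding a listed word only adds length.
    stem = re.sub(r"[\d\W_]+$", "", pw)
    if stem in WORST_2018 or is_sequence(stem):
        return "listed password or sequence with a suffix"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any leak.
    for sample in ("123456", "sunshine2018!", "correct horse battery staple"):
        print(repr(sample), "->", reject_reason(sample))
```

A production check would compare against a much larger breached-password corpus; the 25 entries here only illustrate the mechanism.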

If people can simply use their fingerprints or irises to authenticate themselves, the password strength will be exponentially better, the input will be as quick and simple as a weak written password, and the social engineering methods that hackers often use will be rendered entirely useless. The only issue then will be to handle the biometric data storage database securely, but this can also be resolved with image cryptography that will be quite hard to unlock.
