The Top ‘Worst’ Password of 2015 is ‘123456’ Again

The first- and second-placed “worst passwords of 2015” were once again “123456” and “password,” highlighting an ongoing security problem associated with using simple credentials to log in to online accounts, according to SplashData.

Every year the password management firm trawls the web for plain text password dumps, and publishes its findings to illustrate the importance of creating strong credentials.

In 2015 it found over two million such passwords – mostly coming from hacks, breaches or leaks and linked to users in North America and Western Europe. Around 3% were represented in the Top 25.

Aside from the top two, which remained unchanged from last year, SplashData reported “12345678” in third place and “qwerty” in fourth, with “12345” rounding out the top five.

The top 25 ‘worst’ passwords list also contained easy-to-guess words such as popular sports (football, baseball), and even some new Star Wars-related credentials (solo, princess, starwars).

SplashData’s advice is to use passwords or passphrases of 12 characters or more with a mix of characters, and to avoid reusing them on different sites. A password manager is recommended to simplify the process and create random, strong credentials.

AlienVault security advocate, Javvad Malik, claimed poor password management can undermine all the good security work done by a website or app developer.

“The reason why these common passwords are so dangerous is that it gives an attacker an easy way to get into accounts,” he added. “It’s similar to having a master key that you know will work on at least 10% of the houses on your street.”

Brian Spector, CEO of Miracl, argued that the industry “needs to get over passwords altogether.”

“They don’t scale for users, they don’t protect the service itself and they are vulnerable to a myriad of attacks,” he added.

“However, there are cryptographic security advancements available in the authentication space today, that combine multi-factor-authentication with excellent ease of use that delight customers.”

SOURCE: Phil Muncaster | Infosecurity Magazine
