What is the worst password? According to pcworld.com, the top worst password is 123456. The site goes on to note that it finally “dethroned” perennial worst password winner password. Familiar entries, for those who follow this kind of stuff, comprise the rest of the “worst passwords” in their top 25 list. A hint: if you’re using data encryption software please refrain from using any of these as your password.
It’d be like getting all the latest security technology for your home, only to leave the master key under the welcome mat.
Abode Breach Affects Results
The biggest breach in 2013 was the Adobe breach. Like a tidal wave rushing the shore and decimating everything that comes before it, the breach affected the worst password results. Here’s that list:
As you can see, references to Adobe and its software offerings are peppered throughout the list. (This is not unexpected. When RockYou had its data breach, rockyou was one of the top ten passwords).
Perennial favorites like iloveyou (#9), password1 (#21), and trustno1 (#24) also were present.
Also notice the presence of azerty (#23), which is a weird entry for people accustomed to a US keyboard layout, but not to so much for European residents (azerty is the qwerty of European keyboards).
As Easy as 1, 2, 3
Then there are the numbers: 123456 (#1), 123456789 (#6), 1234567890 (#13), 1234 (#16), and 12345 (#20). Also, 00000 (#25), but I exclude it because it breaks the 1234 pattern. Why do I bring this up?
I’d say that these passwords are actually one and the same, and reflect something else: the minimum password limits that different websites place on their users. A string of consecutive numbers is the easiest password you can get, after all. Password length requirement is 6 characters? 123456 is your password. At least 8 characters are required? 12345678 is your password. And so on.
We have to assume that the Adobe hack must weigh heavily on the results, but it looks like most passwords are required to be at least six characters in length (#1, #6, and #13 in my sample. The list of 25 shows the top 15 to be at least 6 characters in length with the exception of #12, admin).
Kind of makes one wonder who’s allowing passwords that are shorter than 6 characters in this day and age. It was only in 2010 that researchers showed 12-character passwords to be minimum when it comes to acceptable security. Four years later, you can bet that passwords need to much longer now.
Related Articles and Sites: