For any decent online service, whether you’re talking serious stuff like banking or less important pursuits such as social media, you need a password to authenticate that you are who you claim to be. Passwords remain a simple lynchpin of online security, but they’re only as good as the people who put them in, which creates a problem.
The easiest passwords to remember are almost always the easiest for anyone to crack, which is why it’s incredibly bad form, for example, to use “password” as your password. In 2016, you’d think that everyone knew that… but you’d be wrong.
As they’ve done for a number of years now, Splash Data compiled a list of the most common passwords compiled from lists of leaked password databases. The fact that databases of passwords get leaked is alarming enough, usually pointing to some other kind of weakness in an online service’s overall security, but it also highlights how important it is not only to have a strong password, but also to keep an eye on alerts coming from compromised companies or services, and regularly changing your most sensitive passwords. That way passwords that are are leaked without your knowledge — either because a company doesn’t know it’s been compromised or because it’s not yet telling its userbase — won’t affect you as much, if at all.
Reading through the list of most commonly used databases reveals that at the simple end of the scale, very little ever changes. The top two most common passwords remain as common as they were the year before.
In case you were curious, as a species we still love simplicity, which can be the only explanation of why 123456 and Password remain the most common password for 2015. I’ll put what I feel is a safe bet out there and say that they’ll be the most common passwords of 2016 as well, but that doesn’t make them secure.
Equally, the rest of the top ten are also easily derived: 12345678, qwerty, 12345, 123456789, football, 1234, 1234567 and baseball respectively. There are a few new entries within the top 25 most common passwords, with terms such as princess and starwars amongst them.
Or in other words, if you just read your password for any service that you use at all, whether it’s your online bank or your daily horoscope, the first thing you should do is go and change that password before you finish reading this. Changing 123456 to 1234567 won’t be sufficient, either.
But what’s your next step? Strong passwords can be difficult because a good strong password can be as hard to remember as it is for malicious types to detect. I’ve long favoured using simple mnemonics — a small phrase with a few numbers sprinkled within that you pick a few key letters from — if you have to create the password itself.
If you’re creating a password on the same PC or Mac that you’re regularly going to be using for whatever service you’re password protecting, consider using a password management app such as Keepass, Dashlane or 1Password to keep all your passwords in a secure vault behind a single (and preferably strong) password. Those apps will even calculate, store and paste your passwords into password fields depending on the application, making it easier to stay secure without having to resort to insecure passwords in the first place.