In recent years we’ve witnessed an uptick in high-profile data breaches, which have most often resulted in user account credentials and sensitive information (i.e., passwords) inadvertently being leaked in very large numbers.
In 2018 alone, at least five million private user account passwords leaked in both the U.S. and Europe, according to data analytics firm, SplashData, who used this information to compile their annual analysis of the top 25 dumbest passwords.
Interestingly, even despite the rise in such major data breaches, it doesn’t appear that users have learned much since last year, with SplashData noting there was no change to the top two most frequently used passwords of 2017: No. 1, ‘123456’, and No. 2 ‘password’.
Other head-scratchers include easy to guess numerical chains like ‘12345’, ‘1234567’, ‘12345678’ and ‘123456789’, and other basic entries like ‘qwerty’, ‘sunshine’ and ‘iloveyou’ among the top 10.
2018’s list of 25 passwords also includes 11 new entries — one of which is, simply enough, ‘Donald’, which SplashData singled out specifically in its reporting to remind users that choosing such easily-guessable passwords is a rather unsafe practice.
“Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, SplashData, Inc.’s CEO. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”
Other bizarre entries among the top 25 include ‘66666’, ‘charlie’, ‘monkey’, ‘football’ and plenty of other no-brainers.
Unable to explain why users are, perhaps unwittingly, choosing such dumb, unsafe and easy-to-guess credentials, SplashData went on to note that 10% of people have used at least one password on the list — with around 3% of those choosing the dumbest: 123456.
As with their previous reports, however, the purpose of SplashData’s annual analysis is to ultimately shed a light on the dangers of not choosing more complex credentials to protect yourself online.
“Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” Slain continued. “It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”