The 25 worst passwords of 2011

About The Author

CNET Editor

Michelle Starr is the tiger force at the core of all things. She also writes about cool stuff and apps as CNET Australia's Crave editor. But mostly the tiger force thing.

Internet security firm SplashData has revealed the 25 worst passwords of 2011 — and boy are they doozies.

(Keyhole Red image by alicia rae, CC BY-SA 2.0)

Creating a password that is secure but memorable is a tricky business; so much so that, no matter how often we hear it, many simply dispense with the bothersome "secure" bit.

Don't do this, kids. We counsel security for a reason: because a weak-sauce password is the fastest way to get yourself good and haxx0red.

SplashData compiled the list from files containing millions of nicked passwords posted online by these haxx0rs. All we can do is shake our heads. Tsk, tsk. We are chagrined that "password" still tops the list.

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

As we all well should know by now, a combination of upper and lower case letters, symbols and numbers — as well as a different password for every account you own — is the best method of creating a secure password, but if you have committed one of these password faux pas or are unsure how to go about creating a secure one, never fear! CNET is here!

Password generator

There are a number of password generating tools that will create strong passwords for you. We like the PCTools one — it allows you to set a variety of parameters in order to comply with any website's password policy.

(Credit: PCTools)

The Wolfram Alpha search engine provides a similar service; simply enter "strong password" into the search box to navigate to its generator. Both these tools generate genuinely random passwords, which are a lot harder to crack than your birth date or your dog's name.

(Credit: Wolfram Alpha)

Password manager

The problem is that such passwords are really difficult to remember. One solution is a password manager, such as KeePass. KeePass stores all your passwords in an encrypted database, which can only be unlocked by your master password. As well as compatibility with PC, Mac and Linux, there are BlackBerry, iPhone, PalmOS, Windows Phone 7 and Android apps available for it, too — this cross-platform portability makes it super-convenient.

(Credit: KeePass)

If you're the kind of person who trusts a product more if you pay for it, 1Password is a one-off payment password vault that works across PC, Mac, iOS and Android.

(Credit: AgileBits)

Password strength tester

If, at the end of the day, you still prefer to create your own passwords, at the very least you can test their strength.

Microsoft has an HTTPS password tester online that allows you to enter your password. The green bar will fill up according to your password's strength — red for "terrible" and green for "you may proceed".

(Credit: Microsoft)

Not everyone trusts Microsoft, though. An alternative is LBW-Soft's Password Review. Not only does this online service check your password, it also breaks down where it fails in detail, so that you can address those areas if you so choose.

See that? It takes precisely zero seconds to Brute-Force the password "password".
(Credit: LBW-Soft)

Or, finally, there are always the wise words of Randall Monroe...

(Credit: XKCD)

Previous Story

How Facebook is ruining sharing

Internet & Networking
Next Story

What to make of Facebook's over-sharing?



Add Your Comment 8


Post comment as
 

Gregory Opera posted a comment   

The computer version of KeePass also has an indicator of how strong a password is, showing users a graphical bar, as well as how strong the password is in bits... Furthermore, the computer version of KeePass has a powerful built-in password generator.

I have been using KeePass for years and its protection is so strong that I even trust it with the passwords to the Government resources I access on a regular basis!

I tried and in some cases even bought equivalent commercial products, and whilst some of them sure look pretty, they don't compare with the security and flexibility of KeePass...

 

GeorgeM2 posted a comment   

my password is *********

 

RyanG1 posted a comment   
Australia

Another great site that can help you to generate passwords, remember them and even allows you to autologin is LastPass - https://lastpass.com

 

Eric posted a comment   

Password haystacks at grc.com is an awesome way to test your passwords.

 

SonyaR1 posted a comment   

I'm amused (in a bad way) that when I out of curiosity went to try the LBW-Soft's Password Review thingammy linked at the end of the article, that Chrome red-paged the link with the warning message:

"You attempted to reach www.pwsecurity.de, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system."

I do believe I'll pass on trying it out...

 

natslovR posted a comment   

I use correct horse battery staple for all my passwords now, hasn't shown up in any bad password lists and i am yet to be hacked

 

SkyeH posted a reply   

but now i know your password? LoL

 

Dunners posted a reply   
Australia

I can see it now,

The 25 worst Passwords of 2012

1. correct horse battery staple
2. password
3. ...




Sponsored Links

Recently Viewed Products