The number sequence “123456” has overtaken “password” as the most common worst password among internet users, an online security firm says.
Releasing its annual Worst Passwords list, SplashData, a company that markets password management apps, said it was the first time “password” had lost its number-one position, changing places with its numerical rival.
In third place was “12345678”, unchanged from 2012, while “qwerty” and “abc123” came in fourth and fifth; “iloveyou” climbed two spots to number nine.
Swinging the results, SplashData said, was a major security breach involving Adobe software that laid bare the widespread use of weak passwords among users of such Adobe products as Photoshop.
“Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list [for the first time] offers a good reminder not to base your password on the name of the website or application you are accessing,” said SplashData chief executive Morgan Slain.
Like other password experts, SplashData encouraged internet users to opt for “passphrases” – a collection of random words, numbers and characters, such as “smiles_like_skip?” – that are easy to remember, but harder for online scam artists to crack.
Sydney-based security expert Ty Miller, of Threat Intelligence, said the results didn’t surprise him.
“From memory, ‘123456’ has been one of the most common passwords for a long time,” he said.
He said it was important to remember what SplashData’s results were based on. If they were based on leaked passwords from breaches of prominent websites like Adobe and others, then they were likely passwords many people used as disposable ones for non-sensitive information.
“With sites like social networks you’ll find ‘123456’ is a common password, whereas if you go to common compromised internal corporate networks you’ll actually find that ‘password1’ and ‘welcome1’ are both extremely common and far more common than ‘123456’ because of password policies.”
Such passwords were used, he said, because they were easy to remember.
“That’s probably the main reason why people use them. The other thing I notice when I ask people about these sort of things is that they tend to have weak passwords by choice; ones they don’t care if they are compromised,” he said.
“So in breaches like in the Adobe hack that happened late last year, those sort of sites people don’t really care about and therefore they use weak passwords that they wouldn’t use on their email so that if they do get hacked they’re only losing a junk password that they don’t really care about.”