Worst Password List of 2012 – 123456, Jesus, and Ninja

Despite many high profile breaches Internet users are still using most of the same weak password reported to be in use last year. Using files containing millions of stolen passwords that were posted online by hackers, SplashData compiled 2012’s ’25 Worst Passwords of the Year’. Most of the regular entries were represented but ‘Jesus’, ‘ninja’, and ‘welcome’ moved into the top 25.

Worst Password List of 2012 – more of the same

Despite a year filled with several password breaches from high profile sites like LinkedIn, eHarmony, Last.fm, and Yahoo! Internet users are still using extremely poor passwords. SplashData, who is a developer of the SplashID Safe line of password management applications, releases an annual list in the holes that it will  encourage the adoption of stronger passwords (and use of their software I assume).

The top three passwords remain unchanged from last year:

• password
• 123456
• 12345678

There are a few new entries this year though:

• jesus
• welcome
• ninja
• mustang
• password1

My favorite is the inclusion of ‘password1’, because you know… adding a 1 makes it totally secure.

“We’re hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different Web sites,” SplashData CEO Morgan Slain said in a statement. “Just a little bit more effort in choosing better passwords will go a long way toward making you safer online.”

Worst Password of 2012 – the list

Between the Yahoo! break of nearly a half million login credentials stored in plain text, and the thefts from LinkedIn, eHarmony, and Last.fm there was a grand total of about 8 million passwords posted to hacker sites in in June so we have a fairly decent representation of the passwords in use by the general public.

1. password (unchanged)
2. 123456 (unchanged)
3. 12345678 (unchanged)
4. abc123 (up 1)
5. qwerty (down 1)
6. monkey (unchanged)
7. letmein (up 1)
8. dragon (up 2)
9. 111111 (up 3)
10. baseball (up 1)
11. iloveyou (up 2)
12. trustno1 (down 3)
13. 1234567 (down 6)
14. sunshine (up 1)
15. master (down 1)
16. 123123 (up 4)
17. welcome (new)
18. shadow (up 1)
19. ashley (down 3)
20. football (up 5)
21. Jesus (new)
22. michael (up 2)
23. ninja (new)
24. mustang (new)
25. password1 (new)

What to do about your password

The simple fact is that we have SO MANY passwords to remember that we’re lax on security. Suggestions on how to choose a password are readily available online but an easier solution is to use a password manager application like SplashData’s SplashId. My personal recommendation is to use LastPass; then you’ll never forget a password again and you can log into your sites with a single mouse click. It’s drop dead simple, FREE, and includes LastPass Sentry. LastPass Sentry is a new feature of LastPass that will automatically monitor your accounts against known compromised site and inform you if your email appears in a list of breached accounts. LastPass also works with Google Authenticator to provide two-step authentication. There’s a Premium version which includes the ability to use LastPass on any mobile device you own and a host of other features. The Premium version costs $1.00 per month… it’s worth it for your peace of mind. If you sign up through this link you get one month of Lastpass Premium for free.