The Globe and Mail


Humans are terrible at passwords.

Software company Splashdata (which makes a password-manager tool) has been compiling a list of the worst passwords since 2011, and the two most frequent crypts are still "123456" and "password."

The problem is, users with dead-simple passwords on Facebook are likely to do the same thing at work. Security-software developer Ping released a survey in 2015 that found half of workers reuse the same passwords across multiple enterprise tools, and two-thirds use those same passwords on personal services, such as social networks. An executive who uses an awful password on a platform such as LinkedIn could give even an amateur hacker the keys to his company's network. And the wealth of personal data we post online also makes it easier to use social engineering techniques to bypass password-reset security questions.

One reason why we are so bad at cryptography may be security fatigue. Researchers at Trend Micro have said that data get stolen every three seconds, and Splashdata compiles its database from the leaked credentials that appear online after some of the truly epic hacks that seem to happen on a monthly basis. This year's list was culled from two million leaked records, and the irony is that hackers don't need these weak passwords to get those records: Software itself is often leaky enough to break open and steal data.

All of which is why there is a growing movement to get rid of the things altogether. A survey of 308 digital-security experts, conducted by Wakefield Research late last year for SecureAuth (makers of two-factor authentication software), found 91 per cent of the respondents were sure the text password would be dead in 10 years.

"There's a lot of work being done to integrate biometric, but they are still a ways away from mainstream adoption," warns Mark Nunnikhoven, a vice-president at Trend Micro. Canada's Nymi has been flogging its heartbeat-reading biometric, while an increasing number of smartphones offer fingerprint access. "Companies should look to adopt multifactor authentication in the short term. It will help compensate for human nature when it comes to password hygiene." MFA or two-factor authentication is where a text or other message is sent to a secondary device in order to confirm an attempt to log in.

In the meantime, please remember that "1qaz2wsx" may be a nonsense word, but anything that's a simple pattern (such as the first two rows of a keyboard) is not a good password.

Splashdata's 'Worst passwords of 2015'

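| Rank | Password | Change from 2014 |
|------|----------|------------------|
| 1 | 123456 | Unchanged |
| 2 | password | Unchanged |
| 3 | 12345678 | Up 1 |
| 4 | qwerty | Up 1 |
| 5 | 12345 | Down 2 |
| 6 | 123456789 | Unchanged |
| 7 | football | Up 3 |
| 8 | 1234 | Down 1 |
| 9 | 1234567 | Up 2 |
| 10 | baseball | Down 2 |
| 11 | welcome | New |
| 12 | 1234567890 | New |
| 13 | abc123 | Up 1 |
| 14 | 111111 | Up 1 |
| 15 | 1qaz2wsx | New |
| 16 | dragon | Down 7 |
| 17 | master | Up 2 |
| 18 | monkey | Down 6 |
| 19 | letmein | Down 6 |
| 20 | login | New |
| 21 | princess | New |
| 22 | qwertyuiop | New |
| 23 | solo | New |
| 24 | passw0rd | New |
| 25 | starwars | New |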
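
The following added example, which is not part of the original article, shows how a sign-up or password-change form could reject entries from the list above as well as simple patterns such as keyboard walks like "1qaz2wsx". The function names, the reason labels and the leetspeak substitution map are assumptions made for illustration.

```python
# Added example: screen a candidate password against the Splashdata 2015 list
# and against simple patterns (keyboard walks, sequences, repeated characters).

WORST_2015 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey", "letmein",
    "login", "princess", "qwertyuiop", "solo", "passw0rd", "starwars",
}

# Assumed leetspeak map, so "P@ssw0rd" is treated like "password".
LEET = str.maketrans("0134@5$7", "oieaasst")

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Columns of a QWERTY layout read top to bottom: "1qaz", "2wsx", ...
COLUMNS = ["".join(r[i] for r in ROWS if i < len(r)) for i in range(10)]
SEQS = ROWS + COLUMNS + ["abcdefghijklmnopqrstuvwxyz"]
LINES = SEQS + [s[::-1] for s in SEQS]  # walks can run in either direction


def is_simple_pattern(password, min_run=3):
    """True if the whole password is built from runs of >= min_run characters
    that each follow a keyboard row, keyboard column or the alphabet."""
    s = password.lower()
    n = len(s)
    if n >= min_run and len(set(s)) == 1:
        return True  # one character repeated, e.g. "111111"
    ok = [True] + [False] * n  # ok[i]: the first i characters are covered
    for i in range(n):
        if not ok[i]:
            continue
        for j in range(i + min_run, n + 1):
            if any(s[i:j] in line for line in LINES):
                ok[j] = True
            else:
                break  # a longer run starting at i cannot match either
    return n >= min_run and ok[n]


def screen(password):
    """Return the reasons a password should be rejected (empty list = passes)."""
    reasons = []
    low = password.lower()
    if low in WORST_2015 or low.translate(LEET) in WORST_2015:
        reasons.append("denylist")
    if is_simple_pattern(password):
        reasons.append("pattern")
    return reasons
```

A production check would use a much larger breached-password corpus than these 25 entries; the pattern test is what catches variants such as "zaq1xsw2" that no fixed list contains.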
