Another year goes by, and according to a recent security survey the most commonly hacked password is still: "password."

Internet security firm SplashData trolled through millions of stolen passwords posted in online hacker forums, according to CEO Morgan Slain, and compiled a list of the 25 most-stolen ciphers.

Among the easily cracked codes were some of the most common names for boys and girls (Michael and Ashley), sequential series of numbers (123123) and even strings based on keys closely grouped on your Qwerty keyboard (this one takes the prize: qazwsx).

"Hackers," Mr. Slain said in a release, "can easily break into many accounts just by repeatedly trying common passwords. Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft."

"If you have a password that is short or common or a word in the dictionary, it's like leaving your door open."

The top 25 stolen passwords:

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

SplashData provides software to help you manage multiple passwords and accounts, but even if you don't want to go that route, here are their tips for password strengthening:

"Use passwords of eight characters or more with mixed types of characters. One way to create longer, more secure passwords that are easy to remember is to use short words with spaces or other characters separating them. For example, 'eat cake at 8!' or 'car_park_city?' "

"Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, and financial services. Use different passwords for each new website or service you sign up for."
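As an added example (not from the article or from SplashData), this Python check screens a candidate password against the 25-entry list above and the first tip, and shows that list entries such as "trustno1" satisfy the length and mixed-character advice on their own, so the list lookup has to run as well. The function names, the case-insensitive comparison and the reading of "mixed types" as at least two character classes are assumptions.

```python
# The 25 passwords from the list above (the only data taken from the article).
COMMON_PASSWORDS = frozenset("""
password 123456 12345678 qwerty abc123 monkey 1234567 letmein trustno1 dragon
baseball 111111 iloveyou master sunshine ashley bailey passw0rd shadow 123123
654321 superman qazwsx michael football
""".split())

MIN_LENGTH = 8  # "eight characters or more"


def character_classes(password):
    """Return the set of character types present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        else:
            classes.add("other")  # spaces, punctuation, symbols
    return classes


def check_password(password):
    """Return a list of reasons to reject the password; empty means accepted."""
    problems = []
    # Assumption: compare case-insensitively so "Password" and "QWERTY" are caught.
    if password.strip().lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    # Assumption: "mixed types" is read as at least two character classes.
    if len(character_classes(password)) < 2:
        problems.append("only one type of character")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: list entries, a case variant, and the two tip phrases.
    for candidate in ["password", "Sunshine", "trustno1", "qazwsx",
                      "eat cake at 8!", "car_park_city?"]:
        print(repr(candidate), check_password(candidate) or "accepted")
```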

Answer this question in the comments below: What's the dumbest password you ever used? (Please don't post your password unless you've wised up and no longer use it.)

UPDATE: Props to the readers for their clever suggestions: "********" is definitely sneaky-dumb, Morty_whatever, and we should all be impressed with your civic-mindedness, Scotch Bonnet. Still, the most creative (if probably still crackable) password suggestion goes to nyty nyt: "I use my Blues Name. A childhood disease followed by a US President's name: Mumps Washington, Measles Jackson, etc." Thanks for playing.