We all know people who aren't too computer-savvy, and chances are they're guilty of using weak passwords, too.
Each year, SplashData, which specializes in in security applications, evaluates more than 5 million passwords leaked on the internet. In compiling 2018's list, their team found that computer users continue to use the same, easily guessable passwords, placing themselves at high risk of being hacked or having their identities stolen.
Once again, passwords like "123456" and "password" made this year's list. The newest addition? President Donald Trump.
That's right: President Trump made his debut with the password, “donald",” the year's 23rd most frequently used password.
Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData, Inc. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”
SplashData releases a new list each year as part of its efforts to encourage stronger—and therefore more responsible—password usage.
"Our hope by publishing this list each year is to convince people to take steps to protect themselves online,” Slain said, adding:
“It’s a real head-scratcher that with all the risks known, and with so many highly publicized hacks such as Marriott and the National Republican Congressional Committee, that people continue putting themselves at such risk year-after-year.”
The complete list is below:
- 123456 (position unchanged)
- password (position unchanged)
- 123456789 (up three spots)
- 12345678 (down one spot)
- 12345 (position unchanged)
- 111111 (new addition to the list)
- 1234567 (up one spot)
- sunshine (new addition to the list)
- qwerty (down five spots)
- iloveyou (position unchanged)
- princess (new addition to the list)
- admin (down one spot)
- welcome (down one spot)
- 666666 (new addition to the list)
- abc123 (position unchanged)
- football (down seven spots)
- 123123 (position unchanged)
- monkey (down five spots)
- 654321 (new addition to the list)
- !@#$%^&* (new addition to the list)
- charlie (new addition to the list)
- aa123456 (new addition to the list)
- donald (new addition to the list)
- password1 (new addition to the list)
- qwerty123 (new addition to the list)
Why do people continue to use weak passwords despite repeated warnings and data breaches of big firms like Facebook?
The answer is simple: Many computer users report that they find it difficult to remember the long passwords they've been told to use. Others are creatures of habit who've used the same password for years across multiple accounts.
For what it's worth, people have always been able to laugh at their password woes.
Your password must be strong enough to breakup with you in person.— patrickswayze’spatrickgravy (@patrickswayze’spatrickgravy)1474687740.0
My password is secure, it doesn't even care if I use other passwords sometimes— ho ho holesome content (@ho ho holesome content)1462165940.0
Forgot username? Forgot username AND password? What's in your head, is it nothing?? Is there like a little bat in a sleeping bag in there???— audrey farnsworth (@audrey farnsworth)1454230459.0
<enter password> chicken <password is weak> chickensoup <password is feeling a little better>— Ian Sausage (@Ian Sausage)1487354503.0
So what can you do?
- Make your password long. The recommended limit is eight characters. If your password is between 14 and 25 characters, you're well on your way to being far more secure.
- Substitute characters. (Use the number "0" instead of the letter "O" for instance.)
- Use a combination of letters and numbers, upper and lower case and symbols such as the exclamation point or question mark.
- Never reuse passwords on other accounts.
- Avoid using easilyidentifiable information such as names, birth dates, pet or partner names as your passwords.
- And, of course, change your passwords frequently.