123456: Passwords are there for reason, don’t make it so easy

Digital consumption. Most likely, it’s one of the easiest and quickest parts of your day, something you barely even think about anymore.

Americans now spend an average of 24 hours a week on the internet, according to USC Annenberg. With this, you probably enter a password to gain access to either your computer or phone while browsing the web — or at least you should — and continue doing so online. Banking, email, social media, and so on — it all requires a password.

Passwords are so commonplace now, it is easy to navigate right on past this process with little to no concern — an unquestionably bad habit. Potential digital breaches wait around every metaphorical corner of the internet. And perhaps the easiest way for hackers to get at your personal information, or even your hard-earned money, is guessing a weak password or hacking it with an automated program.

SplashData publishes a list of the 100 worst leaked passwords annually. Five years in a row, the top two worst passwords have been “password” and “123456.” Other popular password techniques include using a string of numbers in order or reverse order, or grouping together letters that are located closely together on the keyboard.

According to the data, the Top 10 worst passwords are:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty Down
  10. iloveyou

Popular names and buzzwords are also common — including, perhaps, the most omnipresent name in news worldwide over the past three years or so. Checking in at No. 23 on SplashData’s most frequently used password list is “donald.”

“Sorry, Mr. President, but this is not fake news – using your name or any common name as a password is a dangerous decision,” said Morgan Slain, CEO of SplashData. “Hackers have great success using celebrity names, terms from pop culture and sports, and simple keyboard patterns to break into accounts online because they know so many people are using those easy-to-remember combinations.”

While such passwords might be easy for users to remember, they also provide little challenge to those who want your online information, with bad intentions.
SplashData gives these three tips to do a better job of keeping hackers at bay:

  • Use passwords of 12 characters or more, and mix them up — utilize uppercase and lowercase letters, numbers and other special characters, such as exclamation points, ampersands and question marks.
  • Don’t use the same password for multiple sites, so if a hacker does manage to access one of your passwords, they can’t log into more than one site posing as you.
  • Use a password manager to help stay organize. Those can also generate secure random passwords and automatically log into websites for you.

A few others to go along with this:

  • Keep your passwords secure by using two-factor authentication for every service that allows it.
  • Change your password often and/or enable time expirations to change your password.
  • Log out when you’re done using your account, particularly when you are on a public or often used computer or device.
  • Avoid logging into accounts when you are on public wifi connections.
  • Be mindful of secure websites (SSLs and the browser safe indicators), which are safer for online data transmissions.