SplashData has compiled a list of the least secure, most-guessed, most-overused, most-hacked passwords of the year, gleaned from analyzing millions of stolen passwords posted online by hackers after data breaches. “Jesus” is a new addition to the list, along with “welcome,” “ninja,” “mustang” and the needs-no-introduction “password1.”
“We're hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites,” said SplashData CEO Morgan Slain.
The top three are the same as last year, speaking to a shocking unwariness on the part of consumers: “password,” “123456” and “12345678” head up the list. But moving up the rankings with a bullet are “123123,” “11111” and, in a testament to either American iconography or the world’s most popular sport, “football.”
“Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets. Just a little bit more effort in choosing better passwords will go a long way toward making you safer online,” Slain said. “Those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password.”
Recent research shows that experience is no guide when it comes to choosing effective passwords, however. A Cambridge study shows that users who have their passwords reset because of a compromised account do not choose better passwords than average users.
Still, SplashData hopes the additional publicity will make some headway on the issue. Slain added, “It just takes a few extra moments to make a password better. If you get started now and make it a resolution to keep it up, your life online will be safer and more secure in 2013.”
The threat is on the rise, for certain. Worldwide, approximately 1.1 million identities were exposed per breach last year, according to an April 2012 Symantec report, mainly owing to the large number of identities breached through hacking attacks. More than 232.4 million identities were exposed overall during 2011. Deliberate breaches mainly targeted customer-related information, primarily because it can be used for fraud.