Blog & Tools

Believe it or not, some still use 'password' as a password

employee logging into a computer

As encouraging signs go, this isn’t much. It’s minuscule. However, “password,” one of the weakest computer passwords of all time, might have been slightly less popular in 2019 than it was in 2018.

The discouraging news is that some people continue to use “password” as a password.

SplashData Inc.’s annual list of bad passwords ranks “password” as the fourth-worst password used in 2019. That compares with the word’s second-place finish for 2018.

Again, that’s not a big reason to celebrate. But with so many Americans still lax in creating, protecting and changing passwords for their accounts, even small improvements become noteworthy.

California-based SplashData is a leading provider of security applications, including password and record-management solutions. The company publishes an annual ranking of bad passwords to encourage people to be more cautious. The rankings are based on passwords that have been leaked onto the internet.

Glancing through SplashData’s annual ranking of the 100 worst passwords is amusing but also frustrating. The list looks similar year after year. Consider, for example, that the worst password for 2019 was a simplistic repeat from 2018: 123456.

Basic numerical sequences frequently appear on the company’s annual ranking of bad passwords. Letter and keyboard sequences, such as “qwerty” – the first six letters on the top row of standard keyboards, also are popular.

Here, according to SplashData, are the 10 worst passwords for 2019:

    SplashData's most popular passwords of 2019

    Passwords are intended to provide critically important, frontline protection to account access, so it’s surprising that a lot of people continue to treat them lightly.

    First names are commonly used as passwords, for example. Popular first names that cracked the SplashData’s worst list for 2019 include Amanda, Andrew, Ashley, Charlie, Chelsea, Daniel, Donald, George, Jessica, Jordan, Matthew, Michael, Nicole, Robert, and Sophie.

    A few seemingly odd words show up on the list. “Liverpool” is No. 31, for example, and “blahblah” is No. 76. No. 94, “trustno1,” is one of the most meaningful passwords on the list.

    Security experts, including those at SDN Communications, have discouraged the use of names and other easy-to-guess words as passwords for years. They encourage people to use separate and complex passwords for each account and to change them regularly. That way, if hackers get into one account, they don’t have the key to access others.

    Experts formerly advised people to use a long and complex mix of letters, numbers and symbols as passwords. The problem was that people often had trouble remembering them, so they would write them down, making their passwords less secure.

    More recently, experts such as those at the National Institute of Standards and Technology (NIST) in the federal government, are encouraging people to use passphrases, which can be easier to remember and still offer protection.

    A phrase such as “Mary has been fan of Vikings since 2005!” could be abbreviated to: MhbfoVs2005! Something like that could make for a pretty strong and memorable password. However, if allowable, NIST encourages the use of an entire passphrase, not just the acronym.

    NIST and other experts also encourage people to use multi-factor authentication (MFA) to protect their accounts. That might require entering a code sent to a cell phone or some other verification step in addition to a password. Fingerprints or other biometric information also can be used.

    Tools such as password management programs also are available to help people manage their passwords.

    The use of good passwords or passphrases is a crucial part of any good cybersecurity plan. Passwords such as “password” and “123456” mock that objective.

    SDN is a leader in providing business internet, private networking and cloud connectivity to businesses and organizations in communities such as Sioux Falls, Rapid City, Worthington, and the surrounding areas.

    Related Resources
    1. 3 Best password tactics to trump would-be hackers
      The name “donald” cracked SplashData’s list of the Top 100 Worst Passwords in 2018, debuting at No. 23 in the company’s eighth annual ranking of bad passwords.