Having these common passwords could expose you to identity theft

26 March 2015

California company SplashData has released its annual list of the most common, and therefore worst, passwords of the year, drawing its data from a pool of over 3.3 million passwords exposed in leaks throughout 2014. If your password is on this list, you may want to change it immediately, since it will probably be among the first that cyber criminals try when attempting to hack into your accounts.

Surprisingly, the worst password of the year was not “password”. Instead, that honor went to “123456”, with “password” coming in a close second. Numerical passwords, especially where the numerical sequence is in the correct order, are some of the worst passwords you can possibly have, according to the company’s CEO, Morgan Slain.

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are. Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure,” said Slain in the company’s press release.

Other popular passwords followed a few key themes: gaining access to the computer (“access”, “letmein”), names of sports (“baseball”, “football”), animals real and imaginary (“monkey”, “dragon”), superheroes (“superman”, “batman”) and a few lone wildcards (“shadow”, “master”). In a strangely foreboding omen for the state of romance across the globe, “iloveyou” has fallen off the list since 2013, replaced by “696969”, while “trustno1” holds steady at #20.

This list is easy to ignore if you assume that because your particular passwords aren’t on it, you’re safe. However, a lot of people are still holding on to old passwords that, while not among the top 20 worst, might still expose them to the risk of having their accounts hacked. Your password is your first line of defense against cyber criminals, and having your account hacked can lead to identity theft and worse, so it’s wise to take maintaining strong passwords seriously.

To make sure your passwords are as strong as they need to be, keep these things in mind:

  • Avoid using common names. So many people share the name of your daughter, son or significant other that it no longer makes a secure password. The worst offenders are Michael, Jennifer, Thomas, Jordan, Hunter, Michelle, Charlie, Andrew and Daniel, which were all among the top 50 most common passwords.
  • Similarly, don’t use your birth year, even when attached to another word. Including common strings of numbers makes your password easier to guess.
  • Avoid any password that too closely corresponds to a pattern on the keyboard. “Qwerty” is obviously out, but so is “zxcvb”.
  • Use both letters and numbers. It’s best to throw the numbers in randomly amongst the letters rather than separating the two into different sections of the password.
  • If you’re having a hard time coming up with a password you’ll remember that doesn’t include any of these common words or concepts, think about using an acronym for a favorite quote or series of words. For example, if your dog’s name is Storm, ILMDS for “I Love My Dog Storm” will be meaningful to you, but not to any cyber criminals who might try to hack into your accounts.
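
The checks in the list above can be expressed as a small audit function for use at password-change time. This is an added example, not part of the original article or any SplashData tooling; the function names, the US QWERTY rows, the four-key threshold and the 1900-2099 year range are assumptions, and the word lists hold only the entries the article names.

```python
import re

# Passwords and names quoted in the article (not the full SplashData list).
NAMED_COMMON = {"123456", "password", "access", "letmein", "baseball", "football",
                "monkey", "dragon", "superman", "batman", "shadow", "master",
                "696969", "trustno1", "qwerty", "zxcvb"}
COMMON_NAMES = ("michael", "jennifer", "thomas", "jordan", "hunter",
                "michelle", "charlie", "andrew", "daniel")
KEY_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")  # assumed: US QWERTY
MIN_WALK = 4  # assumed threshold: 4+ adjacent keys counts as a keyboard pattern


def has_keyboard_walk(pw):
    """True if pw contains MIN_WALK adjacent keys of one row, in either direction."""
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - MIN_WALK + 1):
                if seq[i:i + MIN_WALK] in pw:
                    return True
    return False


def audit_password(password):
    """Return the article's rules that the password breaks (empty list = none)."""
    pw = password.lower()
    findings = []
    if pw in NAMED_COMMON:
        findings.append("common-password")
    if pw.isdigit():
        findings.append("digits-only")
    if any(name in pw for name in COMMON_NAMES):
        findings.append("common-name")
    if re.search(r"(19|20)\d\d", pw):  # assumed birth-year range 1900-2099
        findings.append("birth-year")
    if has_keyboard_walk(pw):
        findings.append("keyboard-pattern")
    has_alpha = any(c.isalpha() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    if not (has_alpha and has_digit):
        findings.append("not-mixed")
    elif re.fullmatch(r"[a-z]+\d+|\d+[a-z]+", pw):
        # Letters and digits present, but kept in separate sections.
        findings.append("digits-in-one-block")
    return findings
```

An empty result only means none of these specific rules fired; it is not a measure of overall password strength.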

If your identity is stolen by a thief who guesses your passwords, you risk your credit score being ruined by criminals using your identity to engage in risky financial activity. Signing up for a credit monitoring service can be a good way to get some peace of mind if you think your passwords may have been too weak for a long time.