You would think that after a year of significant data leaks from Target, Snapchat, and others, people would be wising up when it comes to password security. But no, not really. As it does every year, SplashData has compiled a list of the top passwords from the millions leaked during 2014. The results are pretty sad. People are still using the Spaceballs luggage combination (12345), and not as a homage to the film.
The top ten are 123456, password, 12345, 12345678, qwerty, 123456789, 1234, baseball, dragon, and football. Some other gems from the list include number 25 “trustno1″ and “letmein” at number 13. Not only are these passwords easy to guess on a small scale, they are extremely vulnerable to brute force attacks that could compromise data. Attackers don’t need to know your specific username and password, they can just try the most common passwords with a lot of usernames and they’ll get plenty of hits.
There are a fair number of new arrivals on the list this year, but they’re all common dictionary words and names like “dragon” and “michael.” The simple numeric passwords are still the go-to for many people, but keyboard patterns like “qwerty” and “1qaz2wsx” (the first two columns) are popular too . 123456 has been a top password for a few years, and has retained its number one spot from last year, according to SplashData (full list available here).
It’s the same thing every year–people choose the same poor passwords. That probably isn’t going to change until such time as passwords are no longer a thing. The real question here is why are websites and services allowing people to choose such ridiculous passwords? The situation might not be so bad if websites enforced a few rules like “no all integer passwords” and “no common keyboard patterns.”