As the year comes to a close, a lot of us are thinking back on the year that was… but have you bothered to consider your 2018 passwords?
A good password will keep your online accounts safe, from your bank account to your Amazon account. But even though we know we should create secure passwords, a lot of us don’t. Complex, unique passwords can be a nuisance to remember (especially since security experts recommend using a different password for every site), and it’s easier to skip the headache and go with something simple.
However, SplashData’s list of the worst passwords of 2018 — which was compiled from the millions of passwords that were hacked this year — suggests plenty of people aren’t making much effort to create secure passwords. The top five passwords don’t vary much from year to year… which means people keep using the same predictable passwords, which makes it easy for anyone to get into their accounts. Here are this year’s top 25 passwords:
1. 123456 (unchanged)
2. password (unchanged)
3. 123456789 (up 3)
4. 12345678 (down 1)
5. 12345 (unchanged)
6. 111111 (new)
7. 1234567 (up 1)
8. sunshine (new)
9. qwerty (down 5)
10. iloveyou (unchanged)
11. princess (new)
12. admin (down 1)
13. welcome (down 1)
14. 666666 (new)
15. abc123 (unchanged)
16. football (down 7)
17. 123123 (unchanged)
18. Monkey (down 5)
19. 654321 (new)
20. !@#$%^&* (new)
21. Charlie (new)
22. aa123456 (new)
23. donald (new)
24. password1 (new)
25. qwerty123 (new)
Even if you aren’t a security pro, you can probably see a problem here. Seven of those passwords are simply a straight row of characters across the keyboard (presumably to whatever number of characters a particular password requires). And they aren’t the only patterns on the list: “111111” and “666666” are even lazier. Then there’s the perennial “password,” which is certainly easy to remember — but it’s also the first password any hacker will try. A variation on this basic password is also inevitably on the worst passwords list: “password1” may be a little more complicated than the simple “password,” but it isn’t much better. If “password” is a hacker’s first guess, this will be the second.
Even worse, “123456” and “password” have made the top two spots on the worst passwords list for six years in a row. That implies that not only are these lousy passwords getting used, but they keep getting used.
New to the list this year was “donald,” debuting in the #23 slot. And while it’s a bit better than “password,” setting your password to the name of the president still isn’t very secure.
So how can you keep your online accounts — and thus your personal information — safe? The first step is making sure none of your passwords are on SplashData's worst passwords of the year list. If they are, you should log on and change them immediately. Then make sure you’re creating a strong password. A good password needs to:
- Have at least 8 characters.
- Include capital letters, numbers, and ASCII symbols.
- Not follow any pattern, like “123456” or “121212.”
- Not use a dictionary word, common phrase, a movie name or anything similar. (Sorry, Star Wars fans, but you shouldn’t express your enthusiasm in your password.)
- Not include your name or significant dates, like your birthday or anniversary. Names are a common feature on the worst password list, and using this kind of personal information makes your password very easy to guess.
- Never be used across multiple sites. Reusing a password means that when one site is hacked, all of your accounts that share it are compromised.
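The checklist above can be turned into an automated check. The following Python sketch is an added example, not code from SplashData or the original article; the function names, the US QWERTY keyboard rows, the four-character run length and the use of `string.punctuation` for "symbols" are assumptions. It does not cover the dictionary-word or reuse rules, which need a word list and knowledge of your other accounts.

```python
import string

# The 25 entries from the list above, lowercased for case-insensitive matching.
WORST_2018 = {
    "123456", "password", "123456789", "12345678", "12345", "111111",
    "1234567", "sunshine", "qwerty", "iloveyou", "princess", "admin",
    "welcome", "666666", "abc123", "football", "123123", "monkey", "654321",
    "!@#$%^&*", "charlie", "aa123456", "donald", "password1", "qwerty123",
}
# Rows a "pattern" password walks along (assumption: US QWERTY layout).
WALKS = ["0123456789", "1234567890", "abcdefghijklmnopqrstuvwxyz",
         "qwertyuiop", "asdfghjkl", "zxcvbnm", "!@#$%^&*()"]

def has_pattern(pw, run=4):
    """True for a repeated chunk (111111, 121212) or a `run`-long row walk."""
    low = pw.lower()
    for size in range(1, len(low) // 2 + 1):
        if len(low) % size == 0 and low[:size] * (len(low) // size) == low:
            return True
    for i in range(len(low) - run + 1):
        piece = low[i:i + run]
        if any(piece in w or piece in w[::-1] for w in WALKS):
            return True
    return False

def check_password(pw, personal=()):
    """Return the checklist rules that pw breaks (empty list = none found)."""
    low = pw.lower()
    # Stem catches listed words with digits or symbols tacked on the end.
    stem = low.rstrip(string.digits + string.punctuation)
    problems = []
    if len(pw) < 8:
        problems.append("too short")
    if not any(c.isupper() for c in pw):
        problems.append("no capital letter")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c in string.punctuation for c in pw):
        problems.append("no symbol")
    if low in WORST_2018 or stem in WORST_2018:
        problems.append("on worst-passwords list")
    if has_pattern(pw):
        problems.append("pattern")
    if any(p and p.lower() in low for p in personal):
        problems.append("personal info")
    return problems
```

An empty result only means none of these specific rules fired; a password such as a listed word with a year and "!" appended meets the character rules but is still flagged by the stem check.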
If sites support it, you should also use two-factor authentication, which requires both a password and a randomly generated code, which is typically displayed in an app or texted to you whenever you log on. Even if a hacker has your password, they won’t have that random code and therefore won’t be able to get into your account. While not every site offers two-factor authentication, most sites containing sensitive personal information will, including most banking sites. If you aren’t sure whether your favorite website supports two-factor authentication, search the Two Factor Auth List to find out.
Now the next question: how can you remember all of these unique, complicated passwords? We recommend that everyone use a password manager. These secure apps will store your passwords — though you have to remember to add them, first — and require a login to access them. Many are apps that run on your phone, but you’ll also find PC and web-based password managers.
So why not make a New Year’s resolution to improve your passwords? Using good passwords isn’t as hard as you think — and it will help you avoid the headache of hacks throughout 2019.
[Image credit: password on sticky note via Shutterstock]