At first blush, SplashData's annual list of the 25 most common passwords — compiled from files posted online in the wake of security breaches — is not the sort of document that instills great faith in the cleverness of the online masses. On the other hand, some password has to be the most popular. Wouldn't it be weird if it weren't something really dumb and obvious?
Keep in mind that the report only tells us the popularity of the top 25 passwords relative to one another, not their absolute popularity. It's conceivable, then, that both “password” and “ 123456” are less common across the Internet than they were a year ago. In fact, SplashData CEO Morgan Slain confirmed to me via email that the weakest passwords have declined in popularity in recent years — but only slightly. “We keep hoping for steeper declines as people get more educated about the risks of simple passwords (hence the annual list) and as websites start to enforce stronger password policies,” he said.
So in the spirit of educational password-shaming, here's SplashData's list of this year's 25 worst passwords, along with expert analysis of what each one says about the sort of person who uses it. If you find one of your own on the list, it would be prudent to promptly
re-examine your entire life change it.
I can't be bothered to take even the most basic step to protect my personal information. Seriously, just go ahead and take it.
I failed to understand the question.
I tried “123456,” but the computer said I had to use at least eight characters.
Aren't I clever? My password is written right there on the keyboard.
I'm a fan of the Jackson Five.
I'm a positive-integer maximalist.
I managed to find one of the few passwords that's both easy to crack and hard to remember. (How many 1s was it, again?)
Seven is my lucky number!
I'm Theodore Twombly.
You may have cracked my Adobe password, hacker, but you'll never guess my password for Microsoft!
Aha! You were expecting 123456, weren't you?
I should be fired immediately.
I have mastered the base-10 numeral system.
Might as well let everyone else in, too.
They told me not to use the same password for every program, so...
I can't be bothered to take even the most basic step to protect my personal information, and neither can the people who run this site.
I am an actual monkey.
I fancy myself quite sneaky.
I cry myself to sleep at night.
I cannot be bothered to take even the most basic advice etc.
My last password was compromised, so I added a “1” this time for extra security.
I'm waiting to be swept off my feet by a Nigerian prince.
Hey, at least it's better than qwerty.
It's not paranoia if they really do keep guessing my password.
My day job is coming up with nuclear launch codes.
Will Oremus is the lead blogger for Slate's Future Tense, reporting on emerging technologies, tech policy and digital culture.
Copyright Washington Post/Slate.