Most popular passwords of 2016 are desperately weak yet again, study finds

'123456' takes top spot, as it did in 2015 and 2014

Aatif Sulleyman
Monday 16 January 2017 19:07
Not a particularly secure choice

The most popular passwords of 2016 have been revealed and, as ever, the list shows just how lax millions of internet users’ approach to online security still is.

As was the case last year and the year before, ‘123456’ tops the list. Password manager Keeper Security reports that it accounted for 17% of the 10 million passwords it analysed for the study, all of which became public through data breaches that happened in 2016.

Meanwhile, the shamefully familiar ‘123456789’ and ‘qwerty’ took the silver and bronze medal positions, with ‘12345678’ and ‘111111’ rounding out the top five.

Despite repeated warnings from the wider technology industry about the importance of online security, almost all of the 25 entries on the list are easily guessable.

The only real surprises are ‘18atcskd2w’, ‘1q2w3e4r’, ‘1q2w3e4r5t’ and ‘1q2w3e’, which at first glance look like excellent passwords. However, it appears that they only feature on the list because of bots.

As security expert Graham Cluley said last year when accounting for the then-baffling rise in popularity of ‘18atcskd2w’, “What I believe happened is that these accounts were created by bots, perhaps with the intention of posting spam onto the forums.

“All in all, it’s easier for a spammer who is creating tens of thousands of accounts to use the same password over and over again – especially if the site doesn’t appear to notice anything suspicious is going on.”

Using a mix of numbers and uppercase and lowercase letters is an easy way to make your password tougher to crack, as is the method of using the first letters from the words in a memorable phrase. Alternatively, password managers can create stronger passwords for you.

Though it’s clear that a huge number of users are simply ignoring basic security advice, Keeper Security believes that a bigger share of the responsibility lies with the sites that allow the practice to continue.

“We can criticize all we want about the chronic failure of users to employ strong passwords,” it said. “After all, it’s in the user’s best interests to do so. But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.

“It isn’t hard to do, but the list makes it clear that many still don’t bother.”

The full list of passwords is as follows:

  1. 123456
  2. 123456789
  3. qwerty
  4. 12345678
  5. 111111
  6. 1234567890
  7. 1234567
  8. password
  9. 123123
  10. 987654321
  11. qwertyuiop
  12. mynoob
  13. 123321
  14. 666666
  15. 18atcskd2w
  16. 7777777
  17. 1q2w3e4r
  18. 654321
  19. 555555
  20. 3rjs1la7qe
  21. google
  22. 1q2w3e4r5t
  23. 123qwe
  24. zxcvbnm
  25. 1q2w3
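
The site-side enforcement Keeper Security calls for can be sketched as a signup-time check. This is an added example, not code from Keeper Security or the article: it refuses the 25 listed passwords plus the keyboard patterns they are built from, and shows that a plain letters-and-digits rule accepts ‘1q2w3e4r’ and ‘18atcskd2w’. The function names and the minimum length of 10 are assumptions.

```python
import re
from typing import Optional

# The 25 passwords from the list above, copied as published.
BREACH_TOP_25 = frozenset("""
123456 123456789 qwerty 12345678 111111 1234567890 1234567 password 123123
987654321 qwertyuiop mynoob 123321 666666 18atcskd2w 7777777 1q2w3e4r 654321
555555 3rjs1la7qe google 1q2w3e4r5t 123qwe zxcvbnm 1q2w3
""".split())

# Keyboard rows, used to spot "walks" such as qwerty or 987654321.
WALKS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
MIN_LENGTH = 10  # assumed policy value, not taken from the article


def is_walk(pw: str) -> bool:
    """True if pw (3+ chars) is one contiguous run along a keyboard row, either direction."""
    return len(pw) >= 3 and any(pw in row or pw in row[::-1] for row in WALKS)


def is_row_zigzag(pw: str) -> bool:
    """True for 1q2w3e4r-style input: alternating chars form a digit walk and a letter walk."""
    evens, odds = pw[0::2], pw[1::2]
    return evens.isdigit() != odds.isdigit() and is_walk(evens) and is_walk(odds)


def rejection_reason(password: str) -> Optional[str]:
    """Return why a candidate password is refused, or None if it is accepted."""
    pw = password.lower()
    if pw in BREACH_TOP_25:
        return "on breached-password list"
    if len(set(pw)) == 1:
        return "single repeated character"
    if is_walk(pw) or is_row_zigzag(pw):
        return "keyboard pattern"
    if len(pw) < MIN_LENGTH:
        return "too short"
    return None


def naive_complexity_ok(password: str) -> bool:
    """The weaker rule for comparison: 8+ characters with at least one letter and one digit."""
    return len(password) >= 8 and bool(re.search(r"[a-z]", password, re.I)) and bool(re.search(r"\d", password))
```

A production deployment would swap the 25-entry set for a much larger breached-password corpus; the pattern checks only catch close variants such as ‘1q2w3e4r5t6y’ that are not on any list yet.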
