HOSTING

The Worst Passwords of 2015

Every year, the security applications provider and password management company, SplashData, conducts a report on the worst passwords of the past twelve months.

Every year, security applications provider and password management company, SplashData, publishes a report revealing the worst passwords of the past twelve months. To conduct their report, SplashData examined over 3.3 million passwords that had been leaked online throughout the past year. Their 2015 report (published on the 20th January 2016) reveals that "123456" and "password" again taking the top spot of the most common passwords.

While the passwords in 2015 became longer, presumably driven by an awareness of the need to increase security, many of those longer passwords remained simple and were created with the simple addition of more numbers or letters in the sequence.

You can see the list of most popular passwords below, along with their change in ranking from the previous year. As you can see, many of the passwords are appalling.

Rank Password Change from 2014
1 123456 Unchanged
2 password Unchanged
3 12345678 Up 1
4 qwerty Up 1
5 12345 Down 2
6 123456789 Unchanged
7 football Up 3
8 1234 Down 1
9 1234567 Up 2
10 baseball Down 2
11 welcome New
12 1234567890 New
13 abc123 Up 1
14 111111 Up 1
15 1qaz2wsx New
16 dragon Down 7
17 master Up 2
18 monkey Down 6
19 letmein Down 6
20 login New
21 princess New
22 qwertyuiop New
23 solo New
24 passw0rd New
25 starwars New

Though there are some recurring themes in people’s passwords this year, there are also some new trends. Sports remain popular for password choices, such as “football” and “baseball”, which have both climbed the list since the 2014 report.

Other trends mark more of a difference: the most noticeable shift is perhaps down to the release of “Star Wars: The Force Awakens”, with people going for related choices such as “Princess”, “solo” and “starwars” for their passwords. It is rather a testament to the film’s popularity that these words made it onto the list of most popular passwords in 2015, marking a sharp and rapid trend in their use.

Easily Hacked

Aside from someone manually trying these passwords to try and gain access, there are much simpler ways to use common passwords to gain access to say, your WordPress site.

In a demonstration, Hackertarget used a simple tool called WPscan. Many users do not change the User from the default "Admin". Using that user id, and say a list of the most common 500 passwords, WPScan can Bruteforce access to a WordPress installation in just 1 minute and 16 seconds, assuming your password is on the list.

Now imagine a hacker running a botnet of 1000's of hacked computers, each running a similar hacking attempt, and then you can see how easy using a bad, or common password can be.

So whatever you do, do not use one of the Worst Passwords of 2015 listed above.

Best Practices for Choosing A Password

tips for choosing a good password

In the report, Splashdata offers three pieces of advice:

  • Use a password or even a longer phrase which is twelve characters or more; these should also be mixed characters, such as lower and upper case letters, numbers, and symbols, with more variety always being better.
  • Avoid reusing the same password or passphrase multiple times: if someone guesses it once, they are then able to try it on any other account, and this puts all your various accounts at risk.
  • Use a password manager such as SplashID, LastPass or others to keep your passwords organized and managed; password managers are also able to generate random sets of characters and, therefore, help you to create more complex passwords.

You can also use a password checker, such as The Password Meter to check how secure your passwords are: just type in your chosen password, and you can see how secure it is. This will enable you to improve it if it scores poorly.

Also, where possible, we highly recommend implementing two-factor authentication, especially for your web host, or even WordPress installation.

Check out our top user-rated host: SiteGround
Need help choosing a hosting provider?
Check out our top user-rated host: SiteGround