The top 10 awfully bad passwords people use

Many end users don't understand the need for good passwords, report shows

You might think that after nearly two decades of data breaches, identity theft and other online risks, your average end user would understand by now the importance of creating strong passwords and protecting them.

You would be wrong.

Data security firm Imperva analyzed 32 million passwords that a hacker stole from an application developer called rockyou.com, and  published a report of the findings earlier this year – including the 10 most-commonly used passwords, all of them terrible.

They are:

  1. 123456
  2. 12345
  3. 123456789
  4. Password
  5. iloveyou
  6. princess
  7. rockyou
  8. 1234567
  9. 12345678
  10. abc123

Entry No. 7, "rockyou," is the name of the Web site for which the users created the password. Their Amazon.com and Audible.com passwords are probably "amazon" and "audible," respectively.

Nearly half of the users created easily guessable passwords, including names, dictionary words and strings of consecutive numbers, according to the report. The most common password found was "123456."

"Everyone needs to understand what the combination of poor passwords means in today's world of automated cyberattacks: With only minimal effort, a hacker can gain access to one new account every second — or 1,000 accounts every 17 minutes," said Amichai Shulman, Imperva's chief technology officer, in a written statement that accompanied the release of the findings. "The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of passwords as a security mechanism. Never before has there been such a high volume of real-world passwords to examine."

Download the full report.

 

 

About the Author

Technology journalist Michael Hardy is a former FCW editor.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.