Your Password Is Password, 123456 Or Qwerty

Posted By: Hayley Friday 26th February 2016

Please feel free to re-read this blog post which has been edited as of February 2020 to include relevant statistics of 2019.

So, passwords. Not the most interesting of subjects, yet with so much of our personal lives spread across this global network of computers we call the internet, many of us disregard the importance of this vital string of characters.

One single combination of characters giving access to your personal information, email accounts, banking and pictures of your own fluffy moggy. Yet, there is a good chance one of the words in the title of this blog is used somewhere in your electronic world. You may be thinking to yourself ‘ha ha no one would be that silly’. Well think again. Each year, SplashData compiles a list of the years stolen passwords and orders them on popularity. The list of 2 million passwords stolen reads like a guide on how to not choose a password. Drum roll…..

Top Ten Most Used Passwords of  2015:

  • 123456
  • Password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • Football
  • 1234
  • 1234567
  • Baseball

Other notable passwords include master (16), letmein (19) with starwars coming in at number 25.

Another drum roll please…..

Top Ten Most Used Passwords of  2019:

  • 123456
  • 123456789
  • qwerty
  • password
  • 1234567
  • 12345678
  • 12345
  • iloveyou
  • 111111
  • 123123

Whilst there’s some slight differences, it appears many of us still have not learned the password lesson!

Now we all know we are supposed to use secure passwords. So why don’t we do it? Many stolen passwords are a case of people not changing the default password on devices they may own. This is particularly common with network enabled devices such as routers, wifi devices and internet enabled webcams. Such items are now bought and used by technophobes to keep an eye on their aforementioned feline and have no idea about the dangers they may be introducing into their homes. Maybe the root cause is complacency. Humans are generally lazy beings who think it won’t happen to them.

So, now we all know the error of our ways, what do we do about it? What constitutes a strong password? A common belief is that a password with random special characters is needed, such as rR!£r$!, or something similarly confusing. Well this is not necessarily the case. Firstly, many passwords are hacked using hacking tools which go for the ‘brute force’ approach among others. In this case, the system literally goes through every combination of characters until the password is found. So, the longer the password, the longer it will take to crack. Also, passwords such as ttere%£d mean nothing, and unless you are an elephant you are unlikely to remember it, so you will likely write it down on a note stuck to your desk. So, we need something easy to remember, hard to guess, and long. So how about this for an idea?

  • Think of a phrase that’s odd but memorable. Make an image in your mind of the phrase – the green dog likes cheese
  • Add in a couple of upper cases and a number – theGreendoglikescheese
  • Add a number – theGreendoglikescheese1

This is not a common one, is odd enough for you to remember (just picture your favourite green dog tucking in to a nice piece of Red Leicester) and a brute force attack would take around 11000 Quintillion years to guess, give or take a year or so.

One more important point, make sure the password is nothing personal to you, so pet names, birthdays, favourite bands or anniversary dates. So will we learn? Of course not, but if we all make a small change here and there the internet will be a much more secure place.