Worst passwords of 2012

The annual list of the most common passwords used on the internet

Password management application firm SplashData has released its annual list of the most common passwords used on the internet with some surprising results. Drew shares the list and explains how to create a secure password.

The biggest movers on the list this year at the top end of the scale are '111111' and 'dragon'. While we don’t have an explanation for the move by '111111', we were not surprised to see 'dragon' move up the list with 2012 being the Year of the Dragon.

The three most common passwords from last year’s list have remained at the top of this year’s list: 'password', '123456' and '12345678'. Find out how to keep your passwords safe by reading Drew’s password tips to keep your data secure and how to choose a secure password.

Top 25 most common passwords

  1. password
  2. 123456
  3. 12345678
  4. abc123
  5. qwerty
  6. monkey
  7. letmein
  8. dragon
  9. 111111
  10. baseball
  11. iloveyou
  12. trustno1
  13. 1234567
  14. sunshine
  15. master
  16. 123123
  17. welcome
  18. shadow
  19. ashley
  20. football
  21. jesus
  22. michael
  23. ninja
  24. mustang
  25. password1

For more information visit www.spashdata.com


    2nd Nov 2012
    Hackers and other nasties often use automated software to break passwords. They usually start with a list or dictionary of English words, and try all possible combinations of those words against the target. They exploit a weakness in the password encryption techniques used by software vendors to enable any password which only uses English language words (that would be in a dictionary) to be cracked much more easily than a random group of letters which are not words.
    My approach is to use passwords which include numbers and punctuation, as well as capitals and lower case letters, but not English language words. These can be hard to remember.
    One way to create a rememberable string of letters is to take the initial letters of some phrase or group of words that you can easily remember. Even better if they contain a number and some punctuation - eg the first few lines of a nursery rhyme are "Three blind mice, Three blind mice, See how they run" becomes '3bm,3bm,Shtr' - which requires an enormous amount of compute power and time to break, yet is reasonably easy to remember.
    Try song titles, band/group titles, poems, biblical verses, sayings, proverbs, Latin phrases and such like as the basic phrase. Be careful as sometimes even the initial letters of a phrase can form a word likely to be in the dictionary - eg "Mary had a little lamb" becomes "Mhall" - which contains the word 'hall'.
    Good luck KenF
    2nd Nov 2012
    Ken, I suggest you hit "Post comment" only once, so that your comment is not repeated.
    3rd Nov 2012
    How does SplashData, or anyone for that matter, know what our passwords are? Aren't we meant to keep them to ourselves?
    4th Nov 2012
    My apologies to everyone for hitting the 'post comment' button twice. I hope the moderator can remove the second posting.

    We keep them to ourselves, but the computer has to store them - that is the basic problem.

    When you use a system for the first time you usually have to create a 'user account' with a user name and password. The system admin staff may do this for you in a work place environment. The password is then encrypted by the operating system and stored on disk indexed by your user-name. When you log on at some later date, the password that you give is encrypted by the system, and compared to the encrypted password that was previously stored under your user-name. If it matches, you are allowed to log-on, otherwise you get a 'password failure' message.
    Hackers know how to find the file of encrypted passwords (it is usually well documented), but they cannot tell what the un-encrypted password is. They then use some special programs which try to work out the original passwords from the encrypted version - this is called 'cracking the encryption' or simply 'decryption'. Such programs are readily available on the Internet. The programs use all of the tricks that they can to perform the decryption - such as first trying most common 'worst passwords' as listed in the article above (and a lot of other variations to these techniques). If that doesn't work, they then face a very compute intensive task of trying all possible combinations until they manage the decryption. We can make that task more difficult by using passwords with a mixture of capital letters, lower case letters, digits, and punctuation marks. Also we can make it even more difficult by using longer passwords. However, a password like "Ax7@f129bRgY8&^%" is probably very secure but also probably very useless because you probably could not remember it, nor type it quickly and accurately. Hence my suggestion of the initial letters of the words in a song title, song line, poem or such like as these are easier to remember. Hope this helps KenF
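
The store-then-compare login flow and the password-choice advice from the comments above, as an added example (not code from the article, SplashData or any commenter). It stores a random salt with a slow one-way hash and refuses, at sign-up, anything on the article's top-25 list; the tiny word list, the 10-character minimum and the PBKDF2 iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

# The 25 passwords from the list in the article above.
COMMON = frozenset("""password 123456 12345678 abc123 qwerty monkey letmein dragon
111111 baseball iloveyou trustno1 1234567 sunshine master 123123 welcome shadow
ashley football jesus michael ninja mustang password1""".split())

# Constructed stand-in for a real dictionary; 'hall' is the word KenF points out.
WORDS = ("hall", "mice", "lamb")

ITERATIONS = 200_000   # assumed PBKDF2 work factor; raise it as hardware allows
MIN_LENGTH = 10        # assumed minimum length for this example


def reject_reason(password):
    """Return why a candidate password is refused, or None if it is accepted."""
    lowered = password.lower()
    if lowered in COMMON:
        return "on the most-common list"
    for word in WORDS:
        if word in lowered:
            return "contains dictionary word '%s'" % word
    if len(password) < MIN_LENGTH:
        return "shorter than %d characters" % MIN_LENGTH
    return None


def make_record(password):
    """What the system keeps on disk: a random salt and a slow one-way hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def check_login(password, record):
    """Hash the supplied password with the stored salt and compare the results."""
    salt, stored = record
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, stored)  # constant-time comparison
```

Because each record has its own salt, two users with the same password get different stored values, and the work factor makes every guess against a stolen file expensive.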
