Business Brains

The 25 worst passwords of 2011: 'password,' '123456'

Posting in Technology

This year's list includes many familiar terms.

In spite of a constant drumbeat of news about hacking and cracking computer accounts, users still are employing extremely common and obvious phrases as passwords.  A compilation of the most commonly used -- and potentially most insecure -- passwords seen over the past year was recently drawn up by Splashdata and reported in Mashable. Splashdata found that incredibly enough, the leading password in use today is the word "password." Interestingly, number 4 on the list, the keyboard lineup of "qwerty," is counterbalanced by item number 23, "qazwsx," which is the first three rows of keys typed vertically.

[UPDATE: Trustwave just published a list of the most commonly used passwords within enterprises -- which put many corporate systems at risk.]

Splashdata's 2011 list closely parallels that developed close to two years ago by Imperva, showing that these terms never go out of vogue.

Here is this year's list:

1. password
2. 123456
3.12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

SmartPlanet colleague Tuan C. Nguyen provides a surprisingly simple technique for deriving a strong password that makes it difficult for hacking programs to arrive at the right brute force combination -- employing a symbol in combination with an upper-case and lower-case letter.

Not everyone thinks that strong passwords are the answer, however. In another study on passwords, a Microsoft researcher conducted a cost/benefit analysis of  efforts to encourage stronger passwords, and questions whether the costs of strong password management outweighs the benefits.

Share this

Joe McKendrick

Contributing Editor

Joe McKendrick is an independent analyst who tracks the impact of information technology on management and markets. He is a co-author of the SOA Manifesto and has written for Forbes, ZDNet and Database Trends & Applications. He holds a degree from Temple University. He is based in Pennsylvania. Follow him on Twitter. Disclosure