123456 Leads The Worst Passwords Of 2016

Published: 22/11/2024   Category: security




New report analyzes trends in more than 5 million passwords stolen from enterprises and leaked to the public last year.



It may be a ho-hum fact for many longtime security practitioners, but it nevertheless remains a fact that most users' password hygiene stinks. And since the needle on this matter moves about as much as a speedometer needle on an engineless car, the topic clearly bears revisiting. This time the reexamination of poorly chosen passwords comes by way of a recent report by SplashData on the worst passwords of 2016.
The team at SplashData took a look at more than five million passwords that were stolen from enterprises and leaked to the public last year to get a feel for the types of authentication secrets people use in the real world. The results aren't pretty. According to the firm, the most common passwords are also ridiculously insecure, both from a prevalence and an ease-of-guessing standpoint.
Tops on the list was "123456", which makes up about 4% of the sample set, followed closely by "password". In its entirety, the list shows that users continue to favor simplicity and convenience over the security of their accounts:
123456
password
12345
12345678
football
qwerty
1234567890
1234567
princess
1234
login
welcome
solo
abc123
admin
121212
flower
passw0rd
dragon
sunshine
master
hottie
loveme
zaq1zaq1
password1

Also troubling is that the list is littered with many more trivial variations of the top two offenders, with six sequential number variations and three variations of "password".
"Making minor modifications to an easily guessable password does not make it secure, and hackers will take advantage of these tendencies," says Morgan Slain, CEO of SplashData, Inc.
In fact, 2016 also offered up the perfect anecdotal evidence to show the dangers of crummy passwords: the Democratic National Committee (DNC) hack was laid partially at the feet of a negligently chosen password. WikiLeaks' Julian Assange claims that John Podesta, chairperson of Hillary Clinton's 2016 campaign, used a "password" variant for one of his systems, and other reports show that Podesta used a slightly more sophisticated but still easily hacked "Runner4567" for several others.
It was that second gaffe that allowed attackers to take over multiple online accounts in one fell swoop, and which illustrates the fact that choosing a quality password is just one part of password hygiene.
In a recent interview, Facebook CSO Alex Stamos claims password reuse is one of the biggest online dangers to user accounts.
"The biggest security risk to individuals is the reuse of passwords, if we look at the statistics of the people who have actually been harmed online. Even when you look at the advanced attacks that get a lot of thought in the security industry, these usually start with phishing or reused passwords," he said in an interview with TechCity.
In fact, a report out last week from Shape Security finds that reused passwords are fueling a credential-stuffing hacking bonanza online today. The firm's report showed that 90% of today's enterprise login traffic comes from attackers automatically trying passwords stolen from one site in login screens at other sites in order to take over accounts.
Shape reports that the attackers are successful about 2% of the time, a very lucrative rate when they play the numbers game with millions of stolen credentials stuffed across hundreds of sites online.
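Slain's point that minor modifications do not rescue a guessable password can be enforced when a password is set. The sketch below is an added example, not code from SplashData or the article; the substitution map and the function names are assumptions, and it screens only against the 25 passwords listed above rather than implementing a full strength policy.

```python
import re

# The 25 passwords listed in the article above (SplashData, worst of 2016).
WORST_2016 = {
    "123456", "password", "12345", "12345678", "football", "qwerty",
    "1234567890", "1234567", "princess", "1234", "login", "welcome", "solo",
    "abc123", "admin", "121212", "flower", "passw0rd", "dragon", "sunshine",
    "master", "hottie", "loveme", "zaq1zaq1", "password1",
}

# Constructed (assumed) substitution map for common character swaps.
SWAPS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                       "7": "t", "@": "a", "$": "s"})

DIGITS_UP = "01234567890123456789"


def is_digit_run(s):
    """True for ascending or descending sequential digit runs."""
    return s.isdigit() and (s in DIGITS_UP or s in DIGITS_UP[::-1])


def screen(candidate):
    """Return a rejection reason, or None if no rule here matches."""
    low = candidate.casefold()
    if low in WORST_2016:
        return "listed"
    if is_digit_run(low):
        return "sequential digits"
    # Strip trailing digits/punctuation, then undo character swaps.
    core = re.sub(r"[\d\W_]+$", "", low).translate(SWAPS)
    if core in WORST_2016:
        return f"variation of {core!r}"
    return None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any leak.
    for pw in ["123456", "Passw0rd!", "Dragon2016", "123456789",
               "correct horse battery staple"]:
        print(f"{pw!r}: {screen(pw) or 'not matched'}")
```

A `None` result means only that none of these rules matched; it says nothing about reuse across sites, which the article identifies as the other half of the problem.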