Emsisoft Explores the Worst Passwords of the year 2013

pw-badThis Monday, password management app developer SplashData released a list of the 25 Worst Passwords of 2013.  The complete list, which includes some of the weakest passwords known to humanity, is as follows.

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. abc123
  6. 123456789
  7. 111111
  8. 1234567
  9. iloveyou
  10. adobe123
  11. 123123
  12. admin
  13. 1234567890
  14. letmein
  15. photoshop
  16. 1234
  17. monkey
  18. shadow
  19. sunshine
  20. 12345
  21. password1
  22. princess
  23. azerty
  24. trustno1
  25. 000000

The list represents SplashData’s research into the Internet’s most commonly used passwords.  Notable developments in this year’s list include ‘123456’ dethroning ‘password’ for the number one position and also ‘adobe123’ and ‘photoshop’ coming in at #10 and #15, which reflects the Adobe data breach in October of last year.

Passwords Are Your First Line of Defense

Brute force password hacking is one of the most common ways hackers break into computers.  As an example, note how 16/25 of the Worst Passwords of 2013 have been listed in bold.  All 16 of these passwords are known and used by the Conficker worm, which at its peak in 2008 infected 7 million computer worldwide and which continues to infect computers today.  (See full list of Conficker passwords here).

When it comes to bad passwords, it’s quite discouraging to see that in the last 5 years not much has changed.  64% of 2013’s Worst Passwords were being used by Conficker in 2008 and were largely responsible for the worm’s success.

Today, creating a good, unique password for every device and application you use is essential to securing your digital information.  Having a solid antivirus software like Emsisoft’s is important, but it’s also kind of irrelevant if you’re just handing out keys to get in.

How to Create an Impenetrable Password

There’s a lot of talk today about what comprises a good password.  Most sources will tell you that you need at least 16 characters, and that those characters need to be a unique combination of numbers, letters, and symbols.  For example, g43h3982D219Qtt7 is a pretty darn good password.  It makes absolutely no sense, and it is pretty much impossible to remember.

Unfortunately, what makes a password impenetrable is also what makes it hard for you to keep track of and use.  Creating a g43h3982D219Qtt7 for every device and app you use is easy enough – in fact, there are even password generators that will do this for you – but remembering which is which is tough.  Keeping track of everything with an excel sheet or word document is a big no-no, as well.  In light of this, companies like SplashData will manage your passwords for you.  If you’ve got the money and you stand a lot to lose, purchasing one of these services isn’t a bad idea at all.

But what about those of us who are looking for password security on a budget, who want something a little more effective than a bucket of water perched atop the threshold of our front door?

If you’re trying to manage your own passwords, the very best thing you can do is to be random.  Create passwords that only you could think of, and they’ll become passwords that only you can remember.  Don’t use anything associated to the facts of your life or that can easily be gleaned by perusing your social media.  Just gather some of the thoughts circling around in your head that you’ve never shared with anyone, and combine them to create a password you can call your own.

For example:

Have secret ambitions of becoming the next international tap dancing sensation, owning 6 iguanas, and retiring in Guam?  Excellent.  How about 6tappingiGUAMnas91a7, with some random characters added at the end for good measure.

Want to join the circus, buy a pony, and eat nothing but ½ pound burgers for the rest of your days?  Great!  Your new password is 0.500ponyClown4Life!

As you can see, the secret to good passwords is that they’re secret.  Things like g43h3982D219Qtt7 certainly work, but if you’ve got a colorful enough imagination it should do just fine.

In either the case, the important takeaway is that choosing passwords is not just some flippant activity.  It’s your first line of defense against malware.  For the best protection, use passwords that are random and passwords that are unique.  And whatever you do, stay the hell away from the Top 25.