25 worst passwords of 2011 revealed
Using short or common words 'like leaving your door open for identity thieves'
The most common passwords of 2011 — obviously ones you should avoid using — range from the simple "password" and "123456," to "football" and "michael," data posted by hackers reveals.
"Hackers can easily break into many accounts just by repeatedly trying common passwords," said Morgan Slain, CEO of SplashData, Inc., the computer security firm that compiled the list, in a statement Monday.
"If you have a password that is short or common or a word in the dictionary, it's like leaving your door open for identity thieves."
He advised anyone using any of the passwords on the list to change their passwords immediately.
How safe is your security password? Have your say.
SplashData said it compiled the list from files containing stolen passwords posted online by hackers.
Many on the list are sequences of numbers between 1 and 6 in order, either forward or backward. Sequences of letters on the keyboard in order, such as "qwerty" and "qazwsx" were also common, as were some first names, sports and animals.
The complete Top 25 are:
Tips for strong passwords
- Make them eight characters or more, with a mix of characters, e.g., letters, numbers, symbols.
- One way to create longer, easy-to-remember passwords is to separate short words with spaces or other characters, e.g., "eat cake at 8!"
- Don't use the same username/password combination for multiple websites.
- Use a password manager if you have trouble remembering your passwords. SplashData makes one called SplashID Safe.
Source: SplashData Inc.
In the past year, hacker collectives such as Lulz Security, also known as LulzSec, have taken responsibility for cyberattacks on websites such as Sony and Nintendo, and have posted stolen data such as usernames and passwords online that they claimed were from those sites and others, including Facebook and PayPal.
In June, an Australian IT security consultant launched a website called "ShouldIChangeMyPassword.com" that lets people check if their usernames and passwords are among the 800,000 in the database he compiled of stolen passwords available on the web.