Despite warnings by security experts and repeated breaches, it appears that some internet users have not updated their passwords to a more secure one. SplashData, the company that makes password manager SplashID,
studied more than 5 million leaked passwords from recent breaches and found that many of the commonly used passwords on the list are commonly used bad passwords from previous years, like “123456,” “password,” “admin,” and “abc123.”
Several of the 25 included passwords were repeats from previous years, but there were a handful of new ones. Some were more poignant for the hellish year (“666666” and “!@#$%^&*” and “donald”) compared to inexplicably optimistic-sounding ones (“sunshine” and “princess”).
Top Methods How Hackers Can Hack Facebook Accounts & How To Protect From Them ?
Here are the worst passwords of 2018. It’s probably fair to say people find simple numerical strings to be the easiest to remember.
1 – 123456
2 – password
3 – 123456789
4 – 12345678
5 – 12345
6 – 111111
7 – 1234567
8 – sunshine
9 – qwerty
10 – iloveyou
11 – princess
12 – admin
13 – welcome
14 – 666666
15 – abc123
16 – football
17 – 123123
18 – monkey
19 – 654321
20 – !@#$%^&*
21 – charlie
22 – aa123456
23 – donald
24 – password1
25 – qwerty123
SplashData estimates that no fewer than 10 percent of people “have used at least one of the 25 worst passwords on this year’s list”. In addition, almost 3 percent of people are estimated to have used the most common poor password, ‘123456’.
For starters, users can use a password manager to collect their passwords securely in one place. Some popular ones include SplashData’s SplashID, LastPass, and 1Password. In addition to securely storing your passwords, many password managers can also dynamically generate unique, strong passwords when you need to create a new site login or update an existing credential. With a unique password, if one site gets breached, your other credentials wouldn’t be affected.
For banking, social media profiles, and other important websites, you can also add multi-factor or two-factor authentication. In addition to requiring a username and password, an additional authentication factor, like a six- or eight-digit passcode, must be used to log in These codes are either sent to you via text message or can be obtained through an authentication app.
Another way to make your password great again is to use an inexpensive hardware-based security key. Prior to releasing its own Titan USB key, Google claimed that when it started internal testing by requiring its employees to use a hardware key in 2017, it saw zero incidents of phishing attacks. With multi-factor authentication, even if an attacker has your login credentials, they wouldn’t be able to access your account without having a hardware key, a passcode sent to your phone, or a unique code that’s generated with an authentication app. Once linked to your account, the hardware keys will work with Windows, Macs, and smartphone devices over USB, USB-C, Bluetooth, or NFC connections, depending on the variant of the key.
