The most common passwords used online in 2012

[alexmst]

The Worst Passwords of 2012, including their current ranking and any changes from the 2011 list:


1. password (Unchanged)
2, 123456 (Unchanged)
3. 12345678 (Unchanged)
4. abc123 (Up 1)
5. qwerty (Down 1)
6. monkey (Unchanged)
7. letmein (Up 1)
8. dragon (Up 2)
9. 111111 (Up 3)
10. baseball (Up 1)
11. iloveyou (Up 2)
12. trustno1 (Down 3)
13. 1234567 (Down 6)
14. sunshine (Up 1)
15. master (Down 1)
16. 123123 (Up 4)
17. welcome (New)
18. shadow (Up 1)
19. ashley (Down 3)
20. football (Up 5)
21. jesus (New)
22. michael (Up 2)
23. ninja (New)
24. mustang (New)
25. password1 (New)

Source: Splashdata

The latest list comes following 12 months of high profile hacks that have revealed user passwords.

Yahoo, LinkedIn, eHarmony, and Last.fm have all suffered major breaches.

Read more: http://www.dailymail.co.uk/sciencet...r-password-STILL-tops-list.html#ixzz2ALrYczSX
Follow us: @MailOnline on Twitter | DailyMail on Facebook


Read more: http://www.dailymail.co.uk/sciencet...r-password-STILL-tops-list.html#ixzz2ALqwVlnw

 

[blackrock13]

Creatues of habit, are we?

 

[superstar_88]

Well, in this day and age where passwords are required for everything it makes it mighty difficult to remember.

 

[Imperius]

Thanks for posting. I read the list and realized I was using one of them. :embarassed:

Hobbying funds now secure!

 

[Ember.GFE]

The Worst Passwords of 2012, including their current ranking and any changes from the 2011 list:

11. iloveyou (Up 2)

I used to use this one! hehe :clap2:

 

[fuji]

I make up a sentence and then use the first letter of each word as a password.

imausatutfloewaap

You can make pretty long passwords that way that are easy to remember and impossible to guess.

ycmplptwtaetraitg

If asked to put numbers and punctuation? No problem!

Ia2pnap?Np!

A password I use everywhere, version for Mybank.

ApIue,v4M

 

[LurkingInMyTent]

I make up a sentence and then use the first letter of each word as a password.

snip...

Better yet, use the entire sentence - it used to be the received wisdom not to use plain words, and as shown by the list above, this is still a bad idea, but stringing several of them together is very secure. For example "enterprise" would be a poor choice, but "toboldlygowherenomanhasgonebefore" would a a great password if it wasn't so well known. However something like "patricstewartcanactcirclesaroundbillshatner" is very strong, even though I don't personally agree with the opinion expressed.

 

[Anynym]

There are many ways of creating a reasonably secure password.

Much as I hate to admit Fuji being right (fortunately, it doesn't happen very often), his suggestions above are sound.

Other reasonably sound methods could be to interleave letters from several memorable words, possibly with common substitutions (e.g. Zero for the letter o, the number 1 for the letter I, etc). E.g. You might interleave the words "interleave letters" to come up with "ilnettet". Then you might substitute the duplicated "t" with the number 2. And you might capitalize the first letter of the second word (the "L"). And you end up with "iLnet2et", which would take a long time to crack with brute force methods while you had a chance to remember how you created it, if you had trouble remembering the password itself.

 

[Anynym]

Better yet, use the entire sentence - it used to be the received wisdom not to use plain words, and as shown by the list above, this is still a bad idea, but stringing several of them together is very secure. For example "enterprise" would be a poor choice, but "toboldlygowherenomanhasgonebefore" would a a great password if it wasn't so well known. However something like "patricstewartcanactcirclesaroundbillshatner" is very strong, even though I don't personally agree with the opinion expressed.

To use a long sentence, you need to know how the site deals with passwords. Many sites will only use the first ten or so characters from a password when creating the encrypted password. So "toboldlygowherenomanhasgonebefore" gets truncated to "toboldlygo" and is rather easy to guess programatically.

 

[blackrock13]

I know in some companies they tell you not to use a pet or child's name, too easy.

 

[red]

my password:

wow you have nice boobs

 

[GameBoy27]

Check the strength of your password.

http://www.passwordmeter.com/

http://howsecureismypassword.net/

 

[fuji]

Check the strength of your password.

http://www.passwordmeter.com/

http://howsecureismypassword.net/

I guess your password is less secure once you have added it to those lists.

 

[GameBoy27]

I guess your password is less secure once you have added it to those lists.

I thought of that, that's why I only checked "password" and "123456".

 

[shrek71]

If you wish to easily create strong passwords, then use an application such as www.lastpass.com. It is a browser based plugin and it will allow you to generate passwords for any site that requires a login. It's free to use, although if you wish to use it on a mobile device there is a small monthly charge. The only password you have to remember is the master password to access.

I use it and find it works quite well for my needs.

Cheers

 

[alexmst]

To me it depends on the site. For a banking site I use a complex long password. For a retail store log on that doesn't store my credit card info, a simple one will do that is easy to remember.

Some sites request the length be between 6 and 10 characters. I have a complex one for my back up external hard drive that I store off site. Chance of theft of it are average, but the thief won't crack it so no worries - it is a complex 25-30 characters long. I think a lot depends on who one is trying to deny access to. It would take a lot to prevent, say, the NSA from getting in, but not much to prevent the burglar down the road from getting in. Burglar down the road would give up after an hour of guessing incorrectly and format the drive to use/sell (if he bothered trying to crack it at all) and that is who I am defending against.