Splashdata, the leading password manager, publishes an annual list of the 25 most common passwords, compiled from files containing millions of stolen passwords posted online during the previous year.
The company advises consumers or businesses using any of the passwords on the list to change them immediately.
For the first time since SplashData began compiling its annual list, "password" lost its title as the most common and therefore Worst Password, and two-time runner-up "123456" took the dubious honor. "Password" fell to #2.
The 25 most common passwords of 2013 (2014's list is not yet out), along with the change in rank from the previous year, were:
1. 123456 (Up 1)
2. password (Down 1)
3. 12345678 (Unchanged)
4. qwerty (Up 1)
5. abc123 (Down 1)
6. 123456789 (New)
7. 111111 ( Up 2)
8. 1234567 (Up 5)
9. iloveyou (Up 2)
10. adobe123 (New)
11. 123123 (Up 5)
12. admin (New)
13. 1234567890 (New)
14. letmein (Down 7)
15. photoshop (New)
16. 1234 (New)
17. monkey (Down 11)
18. shadow (Unchanged)
19. sunshine (Down 5)
20. 12345 (New)
21. password1 (up 4)
22. princess (New)
23. azerty (New)
24. trustno1 (Down12)
25. 000000 (New)
For nearly 20 years, the secret code to authorise launching U.S. nuclear missiles, and starting World War III, was terrifyingly simple and even noted down on a checklist. From 1962, when John F Kennedy instituted PAL encoding on nuclear weapons, until 1977, the combination to fire the devastating missiles at the height of the Cold War was 00000000.
This was chosen by Strategic Air Command in an effort to make the weapons as quick and as easy to launch as possible.
The Permissive Action Link (PAL) is a security device for nuclear weapons that it is supposed to prevent unauthorized arming or detonation of the nuclear weapon. JFK signed the National Security Action Memorandum 160 in 1962 that required all nuclear missiles to be fitted with a PAL system. But nuclear experts claim the military was worried about the possibility of command centres or communication lines being destroyed in real nuclear war, stopping soldiers getting the codes or authorization to launch missiles when they were actually needed. So they simply left the security code for the weapons as eight zeros, getting around the security safeguards.
The Air Force has denied that 8 zero’s was ever the nuclear launch code but various other experts say that the Air Force is telling porkies. These boffins point to evidence in support and that the Air Force has been caught out fibbing before.
In September, 2001, after the deaths of 960 New York employees in the September 11 attacks, financial services firm Cantor Fitzgerald through Microsoft broke the passwords of deceased employees to gain access to files needed for servicing client accounts. Technicians contacted families to gather personalised information that might reduce the search time for weaker passwords.
"This summer I learned how to get into, well, everything. With two minutes and $4 to spend at a sketchy foreign website, I could report back with your credit card, phone, and Social Security numbers and your home address. Allow me five minutes more and I could be inside your accounts for, say, Amazon, Best Buy, Hulu, Microsoft, and Netflix. With yet 10 more, I could take over your AT&T, Comcast, and Verizon. Give me 20—total—and I own your PayPal. Some of those security holes are plugged now. But not all, and new ones are discovered every day.
The common weakness in these hacks is the password. It’s an artifact from a time when our computers were not hyper-connected. Today, nothing you do, no precaution you take, no long or random string of characters can stop a truly dedicated and devious individual from cracking your account. The age of the password has come to an end; we just haven’t realized it yet."
- Matt Honan
Kill the Password: Why a String of Characters Can’t Protect Us Anymore.
Splashdata, which compiled the list of the 25 most common passwords, also gave these tips for strengthening passwords:
- Use passwords of eight characters or more with mixed types of characters. But even passwords with common substitutions like "dr4mat1c" can be vulnerable to attackers' increasingly sophisticated technology, and random combinations like "j%7K&yPxquot; can be difficult to remember.
- One way to create more secure passwords that are easy to recall is to use passphrases -- short words with spaces or other characters separating them. It's best to use random words rather than common phrases. For example, "cakes years birthday" or "smiles_light_skip?"
- Avoid using the same username/password combination for multiple websites. Especially risky is using the same password for entertainment sites that you do for online email, social networking, or financial service sites. Use different passwords for each new website or service you sign up for.
- Having trouble remembering all those different strong passwords? Try using a password manager application that organizes and protects passwords and can automatically log you into websites.
As for me, I’ll stay with “swordfish”. Oops, forget that I said that.