25 Most Popular Passwords. Warning – Do Not Use These.

KeeperSecurity has performed an analysis of compromised hacked data and made some startling conclusions. American’s use really dumb passwords with alarming regularity.  In fact, 17% of accounts are protected with the stupidest password of all ‘123456″.  It’s hard to believe that 1 in 5 accounts in the US are protected with something so simple.

The analysis conducted on information from 10 million breached accounts showed that the following passwords were most commonly found in the dataset.

most-used-passwords

KeeperSecurity made the following conclusions about these dumb passwords:

  • The list of most-frequently used passwords has changed little over the past few years.. That means that user education has limits. While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.
  • Four of the top 10 passwords on the list – and seven of the top 15 – are six characters or shorter. This is stunning in light of the fact that, as we’ve reported, today’s brute-force cracking software and hardware can unscramble those passwords in seconds. Website operators that permit such flimsy protection are either reckless or lazy.
  • The presence of passwords like “1q2w3e4r” and “123qwe” indicates that some users attempt to use unpredictable patterns to secure passwords, but their efforts are weak at best. Dictionary-based password crackers know to look for sequential key variations. At best, it sets them back only a few seconds.
  • Email providers don’t appear to be working all that hard to prevent the use of their services for spam. Security expert Graham Cluley believes that the presence of seemingly random passwords such as “18atcskd2w” and “3rjs1la7qe” on the list indicates that bots use these codes over and over when they set up dummy accounts on public email services for spam and phishing attacks. Email providers could do everyone a favor by flagging this kind of repetition and reporting the guilty parties.

I Fell Victim to Dumb Passwords

2 years ago I fell victim to dumb passwords and had to delete 2 websites because of it.  I had a team out of India do a couple of blogs for me I forgot to change the default login’s they setup for me on my wordpress accounts:

  • UserName – Admin
  • Password – Admin123

Anybody familiar with brute force attacks will tell you that the combination of that username and password are probably the first combinations the BotNets will try.

2 of my websites were so compromised that I could not even clean them and I ended up deleting the sites costing me hundreds of hours of work and thousands of dollars.

I learned the hard way that dumb passwords have bad consequences.

50% of Consumers Re-Use Passwords Across Their Online Accounts

50% of consumers use the same password on their Facebook accounts, that they do on their Linkedin accounts and other services such as Uber, Amazon and Netflix.

This is a real bad idea.  A horrible idea actually, which puts consumers at heightened risk of identity theft, banking fraud and online fraud.  How bad of an idea is it?  I would suggest you read this excellent article by Naked Security that analyzes the risk that consumers take on when they engage in this practice.

If you are using any of the passwords on America’s Dumbest Password list I suggest you change it.

Frank McKenna is the Chief Fraud Strategist for PointPredictive and a Fraud Consultant based in San Diego California