123456 – The Worst Passwords and How to Simply Pick a Secure One
Mark Zuckerberg should know better. A couple of years ago, it became public that the founder of Facebook was one of the victims of the 2012 LinkedIn hack. He is in the company of 117 million users whose account details were offered for sale on the internet in May 2016. Of course he is not responsible for the hack, but he is responsible for his password.
In the wake of this leak it has been confirmed once again: people are very uncreative when it comes to passwords. And Mark Zuckerberg is no exception. Here is a small collection of the most insecure passwords, including the one used by the above-mentioned, prominent pioneer in terms of cyber(un)security. Afterwards we will introduce ways to easily manage secure passwords for all your accounts.
1. The universally popular number combination
Among the stolen LinkedIn passwords of 2012, as well as in every list of the most used (and therefore worst) passwords of recent years, there are numerous examples of the classic number combination. 000000, 123456, 654321, or 123123 really ask for zero creativity. This tells us that people hold on to their favorite insecure passwords and vehemently ignore the constant warnings on the web. 123456 has been the undisputed frontrunner since 2013. In 2012 it came in second.
Scale of creativity: -8
2. Passwords reflect current popular culture
The IT company SplashData provides an annual list of the worst passwords. The worst passwords are those which are used most often. The interesting part is: The passwords mirror our popular culture. In 2015, for example, passwords such as “princess”, “solo”, or – even more obvious – “starwars”, entered the list. If you want your accounts to be hacked, you should definitely go for it. Use the title or character names of the movie you enjoyed most this year, especially if it is a huge blockbuster that the whole world knows. Nobody else will have had this glorious idea before.
Scale of creativity: -5
3. Lazy fingers
Almost as common as the combination of numbers in the first section is the phenomenon of “lazy fingers”. Maybe the frequency of the highly insecure password “qwerty” is a smart attempt by the smartphone generation to prevent the new widespread disease of “smartphone thumb”. If you choose the letters Q W E R T Y – they are right next to each other on the keyboard – the health of your thumb will be protected tremendously. The physical effort of entering the password is decreased to a minimum. However: The security of your accounts will decrease immensely, too.
It is the new dilemma: a healthy thumb vs. data privacy. It is just as relevant as the constructed opposition of security vs. privacy in the encryption debate. But our tips will show that a healthy thumb and data privacy do not have to exclude each other.
Scale of creativity: -6
In the top ranks of SplashData’s list, the number combinations compete for the best positions. Nevertheless, in between you can find another phenomenon: Just as much as people love movies – see the Star Wars example – they love sports. A piece of advice for sports fans: These kinds of passwords are very predictable. Your passion for a certain sport can surely be expressed in a better way than in a password.
Scale of creativity: -8
5. The password for people who declared war on creativity
For this category we are almost lost for words. Even though the frontrunner of this category only came in second in the list of 2015, it is our number one in lack of creativity. If someone cannot even remember the order of 123456, he or she may choose the password “password”. Slight alterations, such as “passw0rd”, do not really help. Its relatives “login”, “welcome”, and “letmein” are not much better.
Scale of creativity: -10
The saddest password ever
And the winner in the category saddest password is: Mark Zuckerberg for his masterpiece “dadada”. One might think it is a reference to the cult classic of the German “Neue Deutsche Welle” and therefore qualifies as a cultural reference. But it is highly doubtful that Mark Zuckerberg has knowledge of this German cultural artifact.
Scale of creativity: -9
However, the founder of Facebook did not only make himself vulnerable because of the shortness and simplicity of his password. The fact that he used it for several accounts is similarly problematic. For that reason, not only his LinkedIn account, but also his Twitter and Pinterest accounts, have been compromised.
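The categories above translate directly into checks that a signup form or a password audit can run. The following is an added example, not code from the original article: a small Python screen that rejects the patterns listed (digit sequences, repeated chunks such as “dadada”, keyboard walks, common words with simple substitutions) and flags reuse across accounts. The deny-list, the substitution map, the function names and the sample vault are constructed for illustration.

```python
import re

# Constructed deny-list: only words quoted in the article above.
COMMON = {"password", "login", "welcome", "letmein", "princess", "solo", "starwars"}
# Assumed substitution map ("passw0rd" -> "password") and US QWERTY rows.
LEET = str.maketrans("0134578@$!", "oleastbasi")
ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")

def is_sequence(pw):
    """All digits with one constant step of -1, 0 or +1 (654321, 000000, 123456)."""
    if not pw.isdigit() or len(pw) < 2:
        return False
    steps = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return len(steps) == 1 and steps <= {-1, 0, 1}

def repeated_chunk(pw):
    """Whole password is one short chunk repeated (dadada, 123123)."""
    return re.fullmatch(r"(.{1,4})\1+", pw) is not None

def keyboard_walk(pw):
    """Adjacent keys on one keyboard row, in either direction (qwerty)."""
    s = pw.lower()
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in ROWS)

def classify(pw):
    """Return the reason a password is rejected, or None if no rule fires."""
    if is_sequence(pw):
        return "digit sequence"
    if repeated_chunk(pw):
        return "repeated chunk"
    if keyboard_walk(pw):
        return "keyboard walk"
    if pw.lower().translate(LEET) in COMMON:
        return "common word"
    return None

def reused(vault):
    """Group account names by password; return groups of more than one account."""
    groups = {}
    for account, pw in vault.items():
        groups.setdefault(pw, []).append(account)
    return [sorted(names) for names in groups.values() if len(names) > 1]

if __name__ == "__main__":
    for pw in ("123456", "123123", "qwerty", "passw0rd", "dadada"):
        print(pw, "->", classify(pw))
    # Constructed vault mirroring the reuse described above.
    print(reused({"linkedin": "dadada", "twitter": "dadada", "pinterest": "dadada"}))
```

A result of `None` only means that none of these rules fired; it says nothing about whether the password has appeared in a breach or is otherwise guessable.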
We put together some tips to help you avoid what happened to Zuckerberg. They will show that good and secure password management can be very simple.
Password managers and other strategies for your secure password
A password manager makes it very simple to create and manage secure passwords. You will only have to remember one password – the one for the manager. LastPass, for example, is available free of charge. For using it on an unlimited number of devices and more features, LastPass charges $36 annually. $3 per month is a great price for making your life so much easier, and your accounts so much safer.
If you do not want to spend any money, we advise you to follow tip 8 in this list to create secure passwords. This solution is not as simple as the password manager. But it is cheaper, and definitely more secure than “dadada”.
Another solution is to write down your passwords and store them in a secure place. You can use a safe, or – if you are already using our software – Boxcryptor. Save the passwords to an encrypted folder in the Boxcryptor drive, to make sure that nobody but you can access them. You can access your passwords from everywhere, but of course it is a little more complicated than using a password manager.