920-290-0936
Blog

Worst Passwords of 2019

This week I would like to discuss the password. You know the password that you use for every site you visit. It is always the same; it never changes, because you can remember it so well. Unfortunately it is the easiest to crack. This year has been a busy year for organizations and hackers alike, and terrible passwords remain unchanged. Passwords such as “123456” and “password” continue in the top #5 spots, and President Trump is on this year’s list again, with “donald” showing up as the 33rd most frequently used password, according to password management company Splashdata. 

Splashdata’s annual round-up of the worst passwords of 2019 is based on five million passwords that were leaked online and found in data breaches throughout the year. 

The worst of 2019 are:

1 – 123456 (rank unchanged from 2018)
2 – 123456789 (up 1)
3 – qwerty (Up 6)
4 – password (Down 2)
5 – 1234567 (Up 2)
6 – 12345678 (Down 2)
7 – 12345 (Down 2)
8 – iloveyou (Up 2)
9 – 111111 (Down 3)
10 – 123123 (Up 7)
11 – abc123 (Up 4)
12 – qwerty123 (Up 13)
13 – 1q2w3e4r (New)
14 – admin (Down 2)
15 – qwertyuiop (New)
16 – 654321 (Up 3)
17 – 555555 (New)
18 – lovely (New)
19 – 7777777 (New)
20 – welcome (Down 7)
21 – 888888 (New)
22 – princess (Down 11)
23 – dragon (New)
24 – password1 (Unchanged)
25 – 123qwe (New)

The one that had me perplexed is number 15; at first I thought how original, but then I noticed that it was the complete row from Q toP of the keyboard. In many instances I have come across number 4, it is used on most pc’s that I encounter. This is not good security in any instance.

Although this year’s set had some longer passwords, clearly the ones on here aren’t exactly stronger. If you’re just using a numerical progression that’s 10 characters long, that’s not really a good password. You’re not really getting extra strength from the length if it’s just a simple keyboard pattern, or a numerical pattern, or a word from the dictionary. The naughty factor here is using one password for all of your sites. If your password gets leaked, then all of your sites become vulnerable. According to the traditional advice — which is still good — a strong password is:

Includes Numbers, Symbols, Capital Letters, and Lower-Case Letters: Use a mix of different types of characters to make the password harder to crack.

 Isn’t a Dictionary Word or Combination of Dictionary Words: Stay away from obvious dictionary words and combinations of dictionary words. Any word on its own is bad. Any combination of a few words, especially if they’re obvious, is also bad. For example, “house” is a terrible password. “Red house” is also very bad.

Do not rely on Obvious Substitutions: Don’t use common substitutions, either — for example, “H0use” isn’t strong just because you’ve replaced an o with a 0. That’s just obvious.

Try to mix it up — for example, “BigHouse$123” fits many of the requirements here. It’s 12 characters and includes upper-case letters, lower-case letters, a symbol, and some numbers. But it’s fairly obvious — it’s a dictionary phrase where each word is capitalized properly. There’s only a single symbol, all the numbers are at the end, and they’re in an easy order to guess. I am always asked “what’s a good strong password”? Using the aforementioned method above, also using a life changing event, childbirth, career change, a new car, something that only you can relate to, and will be easy to remember/ impossible for others to guess. What I can tell you is how many of you use number 1, 2, and 4, way too many of you do! Thanks for reading, and keep your PC secure and your family safer.  Remember at “Hunt Technology”, you always get “Quality Service & Individual Attention” you deserve.

Hunt Technology, 320 Watson St., Ripon WI, 920-290-0936

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.