HACKER’S DELIGHT: ‘123456’ tops worst password of 2013

As more and more people get online to chat, play, shop and bank, there never has been a more important time to be secure on the internet. Choosing a password is one decision that should be made very carefully, as cyber-criminals and website administrators continue to battle it out over stealing or safeguarding internet users’ details. Yet it seems that not everyone got the memo, as Irish news site thejournal.ie discovers. 

Most of us are guilty of using passwords that may be easy to remember but also easy for a hacker or disgruntled partner to crack. However some password choices really take the biscuit, as thejournal.ie reporter Michelle Hennessy uncovered. Unbelievably many still go for far from fail-safe choices like ‘123456’ and ‘password’. Slightly more witty surfers have opted for eclectic picks such as ‘monkey’ and ‘letmein’ to access their accounts.

Hackers (Photo credit: José Goulão)

Every year, mobile data company Splashdata releases a special list of the top easy-to-break passwords used by the public. All their data comes from lists of passwords placed online by hackers who have broken into websites. Last year’s list was influenced by a daring raid on the servers of software company Adobe in which several thousand passwords were leaked onto the Web.

The list of the worst passwords to use is as follows:
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunrise
20. 12345

Splashdata released some valuable advice to go with their top 20 worse possible choice of passwords. The company has recommended that users think up passwords with at least eight characters, and ideally aim to create a ‘pass-phrase’ rather than just a single word, using other characters and underscores to separate the words. Use a variety of characters and numbers to create your password, the more complicated, the better. Also avoid using the same password combination for multiple accounts. If a hacker gains access to one of your accounts, then this will only make life easier for them when they realise that the key fits all the locks, and this can cause untold online damage and financial losses. It also goes without saying that if one of your passwords appears in the above list, or you have one that is just as simple, you are strongly advised to change it immediately.

Be careful when surfing, as some websites and downloads carry malware and trojans that can log keystrokes and send your password to a waiting hacker. Make sure your firewall is fully turned on and check that you have a current and updated anti-virus software package present. Even if you use a common word such as ‘password’ and change the ‘o’ to a zero for example, Splashdata warns that hackers could still get in. The CEO of the company, Morgan Slain, said “Hackers can easily break into many accounts just by repeatedly trying common passwords”. Indeed a select, but growing number of enterprising password breakers have made use of customised hacking programs that can flick through an entire dictionary of words before finding the right one, often in a matter of minutes.

Even though people are encouraged to select secure, strong passwords, many people continue to choose weak, easy-to-guess ones, placing themselves at risk from fraud and identity theft.” Slain added.

Hacker inside
Hacker inside (Photo credit: Wikipedia)

Hackers in search of easy money and Dick Turpinesque status on the information superhighway have already made headlines last year. In December, two million passwords belonging to Facebook, Gmail and Twitter accounts were uncovered by an unknown group of hackers using a keyword logging virus and a Dutch server. The compromised accounts, which also included 6,000 remote log-ins and 41,000 credentials used to connect to File Transfer Protocol (FTP, the standard network used when transferring big files), were being illegally accessed as early as October. The sites were forced to reset all the compromised passwords.

Also in that same month, American supermarket chain Target became the victim of a serious hack in which the credit and debit card details of 40 million online grocery shoppers were swiped. That was larger than the entire population of neighbouring Canada. Earlier in 2013, dating site Cupid Media had 42 million names, emails and ‘plaintext’ passwords lifted from its profiles. The hoarded cache of personal information was found by cyber investigators located on the same server as other stolen details from  Adobe, PR Newswire, and the National White Collar Crime Center. This incident was described by technology news outlet Ars Technica as ‘one of the bigger passcode breaches on record’. The Cupid Media user records contained the usual assortment of weak passwords. More than 1.9 million accounts were protected by ‘123456’. Another 1.2 million used ‘111111’. 

Half-Eaten Mind on Twitter LINK
TheJournal.ie on Twitter LINK
“Weird Wide Web: Bad passwords, printed chocolate and creepy human emojis” – Michelle Hennessy, thejournal.ie/Journal Media (26 January 2014) LINK
“’123456′ tops list of worst passwords of 2013” – Quinton O Reilly, Business ETC/Journal Media (20 January 2014) LINK
“New study finds the 25 worst internet passwords” – thejournal.ie/Journal Media (20 November 2011) LINK
“2 million Facebook, Gmail and Twitter passwords stolen in massive hack” – Jose Pagliery, CNNMoney/Cable News Network. A Time Warner Company (4 December 2013) LINK
“2013 was a very hacked year” – Dave Neal, The Inquirer/Incisive Media Investments Limited (26 December 2013) LINK
“Hack of Cupid Media dating website exposes 42 million plaintext passwords” – Dan Goodin, Ars Technica/Condé Nast  (20 November 2013) LINK
“What is internet security?” – BBC Webwise Learning and Knowledge Beta, BBC (6 June 2013) LINK 


Enhanced by Zemanta

15 thoughts on “HACKER’S DELIGHT: ‘123456’ tops worst password of 2013

  1. Great post and excellent eye opener…I actually know several friends who use some of these obvious passwords that they were told to use by web designers….”in case you forget, use something you will never forget” they forgot to add, and the whole world will remember too. Thanks for visiting my blog by the way:) Oliana


    1. Hi Oliana,

      Thanks for your visit and comment too. These web designers shouldn’t be handing out such advice. They’re better off sticking to web designing hahahaha.
      Definitely should forward this article to your friends.



      1. Web designers appear as their guru…Im just a humble woman who counsels youths…what do I know about on-line safety (just try to advise kids daily) but adults are a different breed.


  2. What a disaster. People really do that?

    Mnemonic aids, people, mnemonic aids. Write a sentence that only you would write, use a few numbers and symbols to represent some of the words, capitalize one of the letters at random.

    Am I the only person in the world who was listening when Patrick Jane explained the concept of the memory palace?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.