25 Worst Internet Passwords

FOX News ^ | 11/20/11

[freespirited]

If “password” is your password, chances are you’ve been the victim of a hack attack.

“Password” is the least successful, according to SplashData’s annual list of worst Internet passwords.

The list, notes Mashable.com, is somewhat predictable. Sequences of adjacent numbers or letters on the keyboard, such as “qwerty” and “123456,” and popular names, such as “ashley” and “michael,” all are common choices. Other common choices, such as “monkey” and “shadow,” are harder to explain.

As some websites have begun to require passwords to include both numbers and letters, it makes sense varied choices, such as “abc123″ and “trustno1,” have become popular choices.

SplashData created the rankings based on millions of stolen passwords posted online by hackers. Here is the complete list:

1. password
2. 123456
3.12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

SplashData CEO Morgan Slain urges businesses and consumers using any password on the list to change them immediately.

[Doe Eyes]

Amazing how stupid people can be

Are you really amazed?

[beebuster2000]

don’t call that number !!

trust me on this.

[GnL]

Here’s the password I use for everything. It’s a pain in the ass to remember, though:

3.1415926535897932384626433832795028841971693993751058209749445923078164062862089986280348253421170679821480865132823066470938446095505822317253594081284811174502841027019385211055596446229489549303819644288109756659334461284756482337867831652712019091456485669234603486104543266482133936072602491412737245870066063155881748815209209628292540917153643678925903600113305305488204665213841469519415116094330572703657595919530921861173819326117931051185480744623799627495673518857527248912279381830119491298336733624406566430860213949463952247371907021798609437027705392171762931767523846748184676694051320005681271452635608277857713427577896091736371787214684409012249534301465495853710507922796892589235420199561121290219608640344181598136297747713099605187072113499999983797804995105973173281609631859502445945534690830264252230825334468503526193118817101000313783875288658753320838142061717766914730359825349042875546873115956286388235787593751957781857780532171226806613001927876611195909216420198938095257201065485863278865936153381827968230301952035301852968995773622599413891249721775283479131515574857242454150695950829533116861727855889075098381754637464939319255060400927701671139009848824012858361603563707660104710181942955596198946767837449448255379774726847104047534646208046684259069491293313677028989152104

[TLI]

Would not work on my network, way too easy, no special characters.

I am suprised you have not been hacked.

:-)

.

[eclecticEel]

I have the password to my wifi network set as a 128 digit hexadecimal number - no one’s getting on for free.

[philo]

http://www.youtube.com/watch?v=a6iW-8xPw3k

[PapaBear3625]

When I started working at this software company, you set up a password and kept it forever. Then, management levels increased, and a policy was established that passwords had to be changed every 90 days.

So then people went from having passwords that they remembered, to writing down their new alphanumeric passwords on a piece of paper they keep under their keyboards. Great increase in security.

[Rebelbase]

I hated that new password every 90 days with no repeats.

Had to log-in/out at least two dozen times a day so I used key combos that were minimal movements that I could fly through, catch a number on the top row and finish with another letter.

Pain the arse but the speed was the most helpful thing.

[palmer]

Now that you’ve disclosed that pattern, the goobers will add that to their “reject variants of prior passwords” algorithm.

[11th Commandment]

123 456, remind me to change the combination to my briefcase!

[Hatteras]

Baravelli: Who are you?

Wagstaff: I’m fine, thanks. Who are you?

Baravelli: I’m fine too, but you can’t come in unless you give the password.

Wagstaff: Well, what is the password?

Baravelli: Oh no, you gotta tell me!.... Hey, I tell you what I do...I give you three guesses...It’s the name of a fish...

Wagstaff: Is it Mary?

Baravelli: Ha, ha! Atsa no fish!

Wagstaff: She isn’t? Well, she drinks like one. Let me see...Is it sturgeon?

Baravelli: Hey, you’re crazy! A sturgeon, he’s a doctor cuts you open whena you sick. Now I give you one more chance.

Wagstaff: I got it! Haddock!

Baravelli: Atsa funny, I gotta haddock too.

Wagstaff: What do you take for a haddock?

Baravelli: Well now, sometimes I take aspirin, sometimes I takea calomel.

Wagstaff: Say, I’d walk a mile for a calomel.

Baravelli: You mean chocolate calomel. I like that too, but you no guess it. (Slams door. Wagstaff knocks again. Baravelli opens the peephole again.) Hey, whatsa matta? You no understand English? You can’t come in here unless you say swordfish! Now, I give you one more guess.

Wagstaff: (thinking) Swordfish...swordfish...I think I got it! Is it swordfish?

Baravelli: Ha! That’s it! You guess it!

[Chickensoup]

A place I worked had the 90 day password. I chose the word for the place, capitalized it and started with different endings first one was1!, second one was2@, third one was3# and so one.

[palmer]

Any password, even just a dictionary word, will last forever and should never be changed. The reason why changes are forced is the mythical dictionary attack which is no longer possible with well-designed systems (hashes are protected). If there are poorly designed systems with unprotected, readable hashes, then that needs to be fixed, not patched with ridiculous password policies. Or similarly if a password is ever sent in the clear even beyond the PC, then that is a bogus design and cannot be fixed with password policy.

The only legitimate reason to change a password is it got revealed by someone looking over the person's shoulder or by a key logger.

[Little Pig]

[muir_redwoods]

When prompted at work to change mine I always use the date I was prompted but I intentionally misspell the month such as Novembar20. Not hoolptoof but the thing is easy to remember ( alway the last vowel) and thecword doesn’t appear in the dictionary so common force algorithms don’t work

[outofsalt]

This is my password to sign on here:
5m1y7FoSAAUpXKgK3ZycG9yiycw6KuAgVDOYedv8soyXhJ91Jbk6QjutXNg5dXJSag9pxZvARcDxMZlH

Let me guess...
A viking kitty walked accross your keyboard?

[Little Pig]

The moral of the above strip is that, everything else being equal, length triumphs over complexity. Note however that the second password *includes* the spaces. Also @palmer: Dictionary attacks (and rainbow tables) are not obsolete. They are still used. It’s still a valid threat.

[crosshairs]

This one should be popular:

FUBO2012

[crosshairs]

This is my password to sign on here:

5m1y7FoSAAUpXKgK3ZycG9yiycw6KuAgVDOYedv8soyXhJ91Jbk6QjutXNg5dXJSag9pxZvARcDxMZlH

This is unbelievable. Mine is exactly the same, except I have an 8 where you have the 3.

[sima_yi]

Beechwood45789 didn’t either. Wonder why.