'Starwars', '123456', 'letmein' among most popular passwords, risking cyber security: expert
A list of the most popular passwords of 2015 reveals the high number of people who continue to compromise their own cyber security, an expert has said.
The list, compiled by Splash Data from more than two million leaked passwords, revealed the two most popular passwords had not changed since 2011.
- List of most popular passwords shows many people continue to compromise their own cyber security
- List reveals two most popular passwords have not changed since 2011
- The top of the list has barely changed over the past 30 years
The password "123456" remains the most popular, followed by "password".
"Football", "welcome", "login" and "abc123" were included on the list of 25 most popular passwords for 2015.
Newcomers included "starwars" and "solo", coinciding with the release of Star Wars: The Force Awakens.
Other favourites include "dragon", "monkey", "letmein", and the numbers one to nine.
Worst passwords of 2015
| Rank | Password | Change from 2014 |
According to Matthew Warren, professor of information security at Deakin University, the top of the list has barely changed over the past 30 years.
"Historically, since the 80s, the top passwords have been very similar," he said.
"It shows how users haven't learnt from history, or their experiences."
He said information on cyber security awareness was hard to find, so the habits of people were not changing.
"Children aren't taught at schools about choosing secure passwords, and you have to visit government websites to get the information," he said.
Three-tier authentication is key
For anyone who finds their password on the list, Professor Warren suggests a three-tier authentication approach: a username, a more complex password, and a form of biometric authentication.
He said biometric authentication was becoming more common with mobile phones, but people were still reluctant to take the extra step.
The biometric system uses unique, individual characteristics for authentication, including fingerprints and retina scans.
Professor Warren said longer passwords made no difference if they were based on simple, obvious patterns.
"People just use a string of numbers from one to nine; people always do the simplest thing," he said.
He also recommended using a mix of upper-case and lower-case characters, and punctuation such as commas and question marks.
"None of those sort of passwords appear in the list. The list is all plain text or simple numeric strings, simple passwords, or people pretending to be superheroes," he said.
Source: ABC News