'Starwars', '123456', 'letmein' among most popular passwords, risking cyber security: expert

A list of the most popular passwords of 2015 reveals the high number of people who continue to compromise their own cyber security, an expert has said.

The list, compiled by Splash Data from more than two million leaked passwords, revealed the two most popular passwords had not changed since 2011.

Key points:

  • List of most popular passwords shows many people continue to compromise their own cyber security
  • List reveals two most popular passwords have not changed since 2011
  • The top of the list has barely changed over the past 30 years

The password "123456" remains the most popular, followed by "password".

"Football", "welcome", "login" and "abc123" were included on the list of 25 most popular passwords for 2015.

Newcomers included "starwars" and "solo", coinciding with the release of Star Wars: The Force Awakens.

Other favourites include "dragon", "monkey", "letmein", and the numbers one to nine.

Worst passwords of 2015

Rank  Password    Change from 2014
1     123456      Unchanged
2     password    Unchanged
3     12345678    Up 1
4     qwerty      Up 1
5     12345       Down 2
6     123456789   Unchanged
7     football    Up 3
8     1234        Down 1
9     1234567     Up 2
10    baseball    Down 2
11    welcome     New
12    1234567890  New
13    abc123      Up 1
14    111111      Up 1
15    1qaz2wsx    New
16    dragon      Down 7
17    master      Up 2
18    monkey      Down 6
19    letmein     Down 6
20    login       New
21    princess    New
22    qwertyuiop  New
23    solo        New
24    passw0rd    New
25    starwars    New

According to Matthew Warren, professor of information security at Deakin University, the top of the list has barely changed over the past 30 years.

"Historically, since the 80s, the top passwords have been very similar," he said.

"It shows how users haven't learnt from history, or their experiences."

He said information on cyber security awareness was hard to find, so the habits of people were not changing.

"Children aren't taught at schools about choosing secure passwords, and you have to visit government websites to get the information," he said.

Three-tier authentication is key

For anyone who finds their password on the list, Professor Warren suggests a three-tier authentication approach: a username, more complex password, and a form of biometric authentication.

He said biometric authentication was becoming more common with mobile phones, but people were still reluctant to take the extra step.

The biometric system uses unique, individual characteristics for authentication, including fingerprints and retina scans.

Professor Warren said longer passwords made no difference if they were based on simple, obvious patterns.

"People just use a string of numbers from one to nine; people always do the simplest thing," he said.

He also recommended using a mix of upper-case and lower-case characters, and punctuation such as commas and question marks.

"None of those sort of passwords appear in the list. The list is all plain text or simple numeric strings, simple passwords, or people pretending to be superheroes," he said.
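The point that a longer password gains nothing when it follows a simple pattern can be checked mechanically. The following is an added example, not code from the article or from Splash Data: it screens a candidate against the 25 passwords in the table above and goes a step further by also flagging character-substitution variants and keyboard or number runs of any length. The names `weakness` and `run_chunks`, the US QWERTY layout, and the substitution table are assumptions made for illustration.

```python
# Added example: screen a candidate password against this page's list and simple patterns.
WORST_2015 = set("""123456 password 12345678 qwerty 12345 123456789 football 1234
1234567 baseball welcome 1234567890 abc123 111111 1qaz2wsx dragon master monkey
letmein login princess qwertyuiop solo passw0rd starwars""".split())

# Assumption: US QWERTY rows, the left-to-right key columns, and the alphabet.
RUNS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm",
        "1qaz2wsx3edc4rfv5tgb6yhn7ujm", "abcdefghijklmnopqrstuvwxyz"]
RUNS += [r[::-1] for r in RUNS]          # also catch reversed walks such as "54321"

# Assumption: a small table of common character substitutions.
LEET = str.maketrans("0134$@", "oleasa")


def run_chunks(p):
    """Greedily split p into maximal pieces that each lie on a single run."""
    chunks, i = [], 0
    while i < len(p):
        j = i + 1
        while j < len(p) and any(p[i:j + 1] in r for r in RUNS):
            j += 1
        chunks.append(p[i:j])
        i = j
    return chunks


def weakness(password):
    """Return why the password is weak, or None if none of these checks fire."""
    p = password.lower()
    if p in WORST_2015:
        return "listed"                  # on the 2015 list, ignoring case
    if p.translate(LEET) in WORST_2015:
        return "leet-variant"            # e.g. "@" for "a", "0" for "o"
    if len(set(p)) <= 1 or all(len(c) >= 3 for c in run_chunks(p)):
        return "pattern"                 # one repeated character, or only runs
    return None


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ["StarWars", "P@ssw0rd", "qwerty123456",
               "12345678901234567890", "Blue,Kettle?Harbour"]:
        print(f"{pw!r:26} -> {weakness(pw)}")
```

A result of `None` only means these three checks did not fire; it is not a strength rating.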

Source: ABC News
