Retaining the number one spot as the least secure password for yet another year, “password” leaves the people who continue to use it at the highest risk when it comes to hacking. Detailed in SplashData’s annual report, the three phrases “password,” “123456,” and “12345678” have continued to dominate the top three spots on the list. Rounding out the top ten worst passwords of 2012 are “abc123,” “qwerty,” “monkey,” “letmein,” “dragon,” “111111,” and “baseball.” SplashData bases the rankings of these common security phrases on what hackers are posting to the Internet. For instance, nearly half a million usernames and passwords for Yahoo users were posted on the Internet during July 2012.
Regarding the lackadaisical online security utilized by many people around the world, SplashData CEO Morgan Slain stated “At this time of year, people enjoy focusing on scary costumes, movies and decorations, but those who have been through it can tell you how terrifying it is to have your identity stolen because of a hacked password.”
Slain continued “We’re hoping that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites.”
New entries to the 2012 list include “jesus,” “ninja,” and “password1.” Phrases that have fallen off the list from last year include “superman,” “passw0rd,” and “bailey.” The entire 2012 list of the 25 worst passwords looks like:
- password
- 123456
- 12345678
- abc123
- qwerty
- monkey
- letmein
- dragon
- 111111
- baseball
- iloveyou
- trustno1
- 1234567
- sunshine
- master
- 123123
- welcome
- shadow
- ashley
- football
- jesus
- michael
- ninja
- mustang
- password1
If you are using any of these security phrases for an online account, it’s highly recommended that you switch to a more secure phrase. In order to create a safer password, SplashData suggests using security phrases with at least eight characters while utilizing a variety of characters within the phrase.
This could include using a common phrase that’s broken up by underscores between words or substituting symbols for letters within a word. For instance, the phrase “p@$$w0r6” is more secure than typing out the word using all letters.
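The advice above, written as a check a sign-up form could run against a candidate password (an added example, not code from SplashData or the article). Because last year's list included “passw0rd,” it also compares the candidate after undoing common symbol substitutions; the substitution table, the three-of-four character class threshold and the sample passwords are assumptions constructed for illustration.

```python
import string

# The 25 entries of the 2012 list printed on this page.
WORST_2012 = {
    "password", "123456", "12345678", "abc123", "qwerty", "monkey",
    "letmein", "dragon", "111111", "baseball", "iloveyou", "trustno1",
    "1234567", "sunshine", "master", "123123", "welcome", "shadow",
    "ashley", "football", "jesus", "michael", "ninja", "mustang",
    "password1",
}

# Assumed substitution table (constructed): symbols/digits standing in for letters.
LEET = str.maketrans("@4$50!1376", "aassoiletd")

# Four character classes: lower case, upper case, digits, punctuation.
CLASSES = (str.islower, str.isupper, str.isdigit,
           lambda c: c in string.punctuation)


def variants(pw):
    """Forms worth comparing to the list: lowercased, substitutions undone,
    separators removed, trailing digits and symbols dropped."""
    low = pw.lower()
    forms = set()
    for form in (low, low.translate(LEET)):
        joined = form.replace("_", "").replace("-", "")
        forms |= {form, joined,
                  joined.rstrip(string.digits + string.punctuation)}
    return forms


def screen(pw, min_len=8, min_classes=3):
    """Return the list of problems found; an empty list means none."""
    problems = []
    if len(pw) < min_len:  # "at least eight characters"
        problems.append("too short")
    if sum(any(test(c) for c in pw) for test in CLASSES) < min_classes:
        problems.append("too few character classes")
    if variants(pw) & WORST_2012:
        problems.append("variant of a listed password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("password", "p@$$w0r6", "Dragon_2012", "correct_Horse_42"):
        print(sample, screen(sample))
```
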
SplashData also recommends using multiple passwords across different types of sites. For instance, using the same security phrase on a social network as you do when accessing your online banking could become problematic if the social network is hacked. If a user has difficulty remembering passwords across multiple sites, there is a variety of software that can manage security phrases and automatically fill in the password data when visiting a site. Web browsers such as Google Chrome and Mozilla Firefox have also offered this feature for quite a while.
In reference to security phrase creation, Slain said “Even though each year hacking tools get more sophisticated, thieves still tend to prefer easy targets. Just a little bit more effort in choosing better passwords will go a long way toward making you safer online. It just takes a few extra moments to make a password better. If you get started now and make it a resolution to keep it up, your life online will be safer and more secure in 2013.”
I don’t know whether to be shocked or not :)
lol unbelievable XD
No surprise there.
I’m sorry, but if you use “password” or any other incredibly weak password to “secure” something you care about, you deserve what’s coming to you.
Other than for my bank accounts, I use passwords that are probably facepalm worthy. If someone REALLY wanted to get into my World Golf Tour account, go right ahead I guess?
Not to discredit people, but I was surprised when the Verizon FiOS installer came out to the house to install my service. He made the router password admin/password. I looked this up online and it’s pretty typical to be honest. I just don’t think people change these passwords and honestly think they are safe to use.
I also have to say that I have used “ninja” as a password a couple times. I just can’t help myself….so cool.
I think it’s pretty standard practice for tech companies to set up accounts with “default” passwords as they’re easy to remember for anyone. But like you said, most people just don’t change them — and to me, that’s their fault.
Yeah I agree, people need to be smarter here.
::facepalm::
haha is your password on that list? Change it!
No, I’m just baffled that people still use those passwords!
I think you spotted your password on that list and changed it last night. hah!
Never! My password always includes a number, lower/cap letters, and a symbol.