Skip to main content

Keeper unveils 2016’s most common passwords, and they look a lot like 2015’s

keeper most common passwords 2016 worst 2015
We may be turning a year older in 2017, and when it comes to security, let’s hope we’ll get a bit wiser, too. A new survey from password manager and digital vault company Keeper has revealed 2016’s most common passwords, and as ever, the report does not reflect well on our ability to choose safe strings to protect us from those who might wish us ill. In conducting their research, Keeper looked at 10 million passwords that were made public following the many data breaches in 2016. And given the passwords they found, it’s not all that surprising these accounts were breached.

At the top of last year’s list was “123456,” which was used by nearly one in five users. This remains in line with the most popular password from 2015, which was also “123456.” Other popular passwords last year included the usual suspects, like “qwerty,” “11111,” and “password,” all of which have appeared before on similar lists of obvious and overused strings.

Indeed, Keeper notes, “The list of most-frequently used passwords has changed little over the past few years,” which sadly, seems to speak to limits when it comes to user education. “While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves,” Keeper continued. “IT administrators and website operators must do the job for them.”

That doesn’t mean setting users’ passwords on their behalf, but rather on mandating stricter security practices, like combinations of symbols, numbers, and letters, or implementing measures like two-factor authentication. In fact, Keeper points out that four of the top 10 passwords of 2016 are just six characters are less, making them painfully easy to unscramble and hack.

“We can criticize all we want about the chronic failure of users to employ strong passwords,” Keeper concluded, “But the bigger responsibility lies with website owners who fail to enforce the most basic password complexity policies.” Even so, we’d like to leave you with some tips and tricks when it comes to setting a password (seriously, change it if it’s “123456”). For one, you should always use a variety of numerical, uppercase, lowercase, and symbols to protect yourself against a brute force attack. Avoiding dictionary terms is also a good rule of thumb.

So wise up, friends, and make 2017 the year that your accounts don’t get hacked because of a poor password choice.

Editors' Recommendations