Software firm SplashData has released the 2013 edition of its annual "Worst Passwords" list, and for the first time, "password" has been displaced from the top spot. The dubious distinction now goes to "123456", which had been in second place for the past two years.
After a year of high-profile security breaches, including a massive leak of Adobe user account details, it is evident that a huge number of users continue to put themselves at risk online by choosing easy-to-remember but highly unsecure passwords. SplashData's list was compiled after combing through millions of passwords leaked or posted online following security breaches in 2013.
Many of the top 25 weak passwords are as short as four characters, use simple sequences of only numbers or characters, or are simply the names of the websites or services that the user has signed up for. "qwerty" takes the number four spot, while "iloveyou" is at number nine.
The annual worst passwords list is a way to spread public awareness about password security.
SplashData, which sells password management software, recommends the use of a strong password manager that can automatically log in to websites, allowing users to create strong passwords that they don't have to remember. Other common-sense tips include avoiding number-letter substitutions such as "p4s$w0rd", and avoiding the same username and password combinations across multiple services.
SplashData suggests using longer strings of random characters, always mixing numbers with letters and symbols, and using long phrases consisting of multiple words and spaces.
The complete list of worst passwords is as follows: