Password hacks as simple as 1-2-3-4-5-6

January 19, 2016
Many Internet users rely on easily guessed passwords
Many Internet users rely on easily guessed passwords

Even after tens of millions of people had online accounts hacked, many Internet users still rely on easily guessed passwords.

A report released by the online security firm SplashData on Tuesday found the most commonly used by global Internet users were "123456" and "password" in 2015—unchanged since 2011.

The fifth annual report by SplashData was compiled from more than two million leaked passwords during the year, and showed little change.

Despite the introduction of some new and longer passwords required by some websites, "the longer passwords are so simple as to make their extra length virtually worthless as a security measure," the company said in a blog post.

Among other top passwords were "12345678," "qwerty," "12345" and "123456789," according to the report.

Other popular password are based on standard keyboard patterns like "1qaz2wsx" (first two columns of main keys) or "qwertyuiop" (top row of keys) but are "based on simple patterns that would be easily guessable by hackers," SplashData said.

"We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers," said SplashData chief executive Morgan Slain.

"As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites."

The epidemic of hacking has led some online companies to start moving away from , and employing other verification methods such as biometrics.

Fingerprint readers have become more popular on mobile devices and other firms use face or iris recognition.

Some sites are moving to "two factor" authentication which require users to receive a code on a mobile device.

Explore further: SplashData's annual list shows people still using easy-to-guess passwords

Related Stories

Amazon orders reset for some customers' passwords

November 25, 2015 has required an undisclosed number of customers to reset passwords to their online accounts after the company said some passwords "may have been improperly stored" on devices.

Yahoo Mail upgrade sheds passwords

October 15, 2015

Yahoo on Thursday set out to make its free email service hip again with upgrades that included getting rid of the need for passwords on mobile devices.

Are you any good at creating passwords?

January 30, 2010

There's an interesting little study that's been done by security firm Imperva, which analyzed some 32 million passwords posted online in December by some enterprising hacker.

Recommended for you

EPA adviser is promoting harmful ideas, scientists say

March 22, 2019

The Trump administration's reliance on industry-funded environmental specialists is again coming under fire, this time by researchers who say that Louis Anthony "Tony" Cox Jr., who leads a key Environmental Protection Agency ...

Coffee-based colloids for direct solar absorption

March 22, 2019

Solar energy is one of the most promising resources to help reduce fossil fuel consumption and mitigate greenhouse gas emissions to power a sustainable future. Devices presently in use to convert solar energy into thermal ...

1 comment

Adjust slider to filter visible comments by rank

Display comments: newest first

not rated yet Jan 19, 2016
How about finding the company's PW format/requirements/restrictions (not as easy as it sounds). Creating a random number generator for each character. Saving same as value. Using same as PW. Revising periodically.????. Any taker$$$? This has worked for me since 1982. 'Can't say the same for RSA.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.