The internet's most-used security keys are also its dumbest.
If you’re reading this, chances are you have some sort of online identity that you want to protect from the throngs of nefarious hackers who want to hijack your email or Twitter handle and plaster your contacts with ads for fat-burning miracle pills.
It seems a flimsy last line of defense against hackers, but until fingerprint- and eye-scanning technologies go mainstream, the good old alphanumeric password is all you’ve got. So please, avoid all of the combinations found on SplashData’s annual list of the internet’s 25 most common passwords.
This year, "password" fell one spot to No. 2. That might suggest people are getting the hint about web security, were it not for the fact that the new No. 1 most common password is "123456."
The list gets no more creative as it continues, with No. 3 being "12345678" and No. 4 "qwerty."
According to the report, this year’s list was compiled by examining the passwords unearthed in last year’s much-publicized Adobe security breach. Security firm Stricture Consulting Group deciphered and published the most common passwords used by Adobe customers, some of which include the obviously Adobe-specific "adobe123," "photoshop," and "adobe1."
"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," said Morgan Slain, CEO of SplashData, in a statement.
Even with recent high-profile security breaches and the seemingly endless parade of password security warnings, it seems clear that users still prefer simplicity over absolute security when it comes to passwords. Twitter famously banned some 370 passwords back in 2009, some of which are dumb enough to make you laugh—like “stupid,” “internet,” and “twitter.” BlackBerry took a similar approach in 2012, banning 106 passwords.
For its part, SplashData suggests a few simple tricks to create more hacker-proof passwords. Users should create passwords that are at least eight characters long and use a mix of letters, numbers, and other characters. SplashData also endorses using random combinations of words that are easy for you to remember, but difficult for others to guess—something like "monkey_eel_carpet."
Finally, you should avoid using the same password for multiple sites; you should never, for instance, use the same password for a banking site that you use for Netflix or Facebook. If you follow this advice, it could quickly become difficult to keep track of the myriad passwords you'll accumulate. For that reason, it's probably worth checking out the many password-management apps on the market.
But, whatever: Maybe soon we'll be able to access our online data with a saliva sample. Wouldn't that be cool?
Hero image: Flickr user "ronbennetts" (CC BY 2.0)