Yes, “123456” still made the list. But there are several new entries on the list of the year’s worst passwords. And if any finance systems are “protected” by them, you could be in trouble.
Not only that, but even if staffers are using the “safer” 8-plus letters and number combination, there’s new evidence you might not be as protected as you thought.
Take a gander at what made SplashData’s Worst 25 list this year so you can be more confident your sensitive data is covered.
Any of these look familiar?
There were 10 new additions to the list this year, so before staffers assure you they’re not using “password,” make sure they aren’t relying on any of these other 24 either:
Rank | Password |
1 | 123456 |
2 | password |
3 | 12345 |
4 | 12345678 |
5 | qwerty |
6 | 123456789 |
7 | 1234 |
8 | baseball* |
9 | dragon* |
10 | football* |
11 | 1234567 |
12 | monkey |
13 | letmein |
14 | abc123 |
15 | 111111 |
16 | mustang* |
17 | access* |
18 | shadow |
19 | master* |
20 | michael* |
21 | superman* |
22 | 696969* |
23 | 123123 |
24 | batman* |
25 | trustno1 |
Damned if you do, damned if you don’t
Too simple a password is no good – but neither is too complex a choice, either.
The reason: When they’re too tricky to recall, most people tend to use the same password for everything – both personal and business access. And that puts you at increased risk.
After all, the minute someone’s Facebook account gets hacked, your sensitive financial information could be unlocked, too.
Finding a happy (and safe) medium
So what’s the best course of action today? There’s new thinking as far as best practices in passwords these days.
Here are two suggestions you might pass along to your team to walk the fine line between playing it safe and keeping passwords manageable.
- Swap one letter for another. Say a staffer wants to use her cat’s name as a password. Instead of using Jingles, have her use the letter to the left of each letter in the name on the keyboard. So Jingles becomes Hubfkwa. Easy to remember, but tough to crack.
- Use a favorite song lyric or quote. Then pick 2-4 numbers from 1-10. Each word will correspond to a number. So if your quote is “The only thing we have to fear is fear itself” and you chose 1, 3, 5 and 7, your password would be Thethinghaveis.” Even better: Thethinghaveis1357.
For more on the SplashData list, click www.splashdata.com