Worst Passwords List Is Same Old $h1T


The annual list of the “worst passwords” has again failed to tell us anything useful about security, though perhaps it has provided a little (predictable) detail about popular culture.

As always happens this time of year, a publicity-seeking company behind a password manager application has put together a list of the 25 worst passwords by simply counting up whichever ones appeared most often in leaked databases that showed up online last year.

As always it’s prompted a flurry of stories about how Internet users are dumb because they continue to use obvious passwords, with 123456 and password always vying for the top spot.

And as always, that’s a completely idiotic conclusion because the list tells us nothing about how secure the average password is. The most used passwords will always be obvious by definition. Drawing lessons from this is like looking at the list of the 25 most popular names for new babies and deciding it tells us that the population as a whole chooses popular names.

To get even a mediocre insight into overall levels of password security we’d need data on average password length, what percentage of people use dictionary words, and what percentage of people use digits and symbols.
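The measurements listed above, computed next to the share of accounts a top-N list actually covers, as an added example that is not part of the original post. The sample corpus, the word list and the character-swap table are constructed for illustration; a real audit would load a full dictionary and a real data set.

```python
from collections import Counter

# Constructed sample corpus (not real leak data); one entry per account.
SAMPLE = ["123456"] * 4 + ["password"] * 3 + [
    "passw0rd", "1qaz2wsx", "starwars", "princess", "Tr4il-mix!Orbit",
    "correcthorsebattery", "zX9$kq2LmP", "solo", "blue-Kettle-77",
    "n3Wt0n#apple", "qwerty",
]

# Tiny stand-in word list (assumption); swap in a full dictionary file.
WORDS = {"password", "princess", "solo", "starwars", "baseball",
         "football", "qwerty"}

# Undo common character swaps so "passw0rd" still counts as "password".
LEET = str.maketrans("013457$@", "oieastsa")


def is_dictionary_word(pw):
    """True if the password, or its de-swapped form, is a listed word."""
    lowered = pw.lower()
    return lowered in WORDS or lowered.translate(LEET) in WORDS


def share(passwords, predicate):
    """Fraction of accounts whose password satisfies the predicate."""
    return sum(1 for p in passwords if predicate(p)) / len(passwords)


def summarize(passwords, top_n=2):
    """Population-level metrics, plus how much the top-N list covers."""
    counts = Counter(passwords)
    top_total = sum(c for _, c in counts.most_common(top_n))
    return {
        "accounts": len(passwords),
        "distinct": len(counts),
        "top_n_share": top_total / len(passwords),
        "avg_length": sum(len(p) for p in passwords) / len(passwords),
        "dictionary_share": share(passwords, is_dictionary_word),
        "digit_share": share(passwords, lambda p: any(c.isdigit() for c in p)),
        "symbol_share": share(passwords, lambda p: any(not c.isalnum() for c in p)),
    }


if __name__ == "__main__":
    for name, value in summarize(SAMPLE).items():
        print(f"{name:17} {value:.2f}" if isinstance(value, float) else f"{name:17} {value}")
```

In this sample the top two passwords cover 7 of 18 accounts, which says nothing about the other 11; the remaining figures are the ones that describe the population as a whole.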

The only real insight into security habits from the list is that a few folk fall into the category of being aware of the dangers of an easily guessable password but haven’t exactly come up with the best responses. One new entry in the list is passw0rd, which has to be an example of taking the smallest possible step towards security. Another new entry is 1qaz2wsx, which presumably will disappoint those who thought they’d come up with something original.

As for cultural lessons, baseball has overtaken football as a password, while princess, solo and starwars have all popped up as new entries.




3 Responses to Worst Passwords List Is Same Old $h1T

  1. Every time I hear about this password issue, I am reminded of how unimaginative and lazy the majority of Americans are.

  2. I think some of those passwords on the list might be from public places, you know, like cafés with free wi-fi, for example. A lot of people are connecting daily to their networks, so they can afford passwords that are easy to guess.
