Security

Database leak reveals 10 terrible passwords you should avoid

By Rob Thubron November 7, 2016, 9:30 29 comments

Serving tech enthusiasts for over 25 years.
TechSpot means tech analysis and advice you can trust.

There's been more confirmation that when it comes to online security, some people are just asking to be hacked. By examining accounts from a leaked Yahoo database, featuring obsolete accounts from a 2012 voice calling service, researchers put together a list of the ten most commonly used passwords.

The most popular password favored by Yahoo users was "123456." If that isn't enough to make you facepalm, the second most common was the brilliant "password." This was followed by "welcome" in third, and, weirdly, "ninja" in fourth position.

Mixing numbers and letters is often recommended when it comes to creating strong passwords, but "abc123," which is the fifth most popular entry, is a pretty weak example of this practice. The next two entries are variations of the number one password - "123456789" at six and "12345678" at seven.

The next two passwords on the list are actual words - "sunshine" (eighth) and "princess" (ninth) - while the final place is occupied by the terrible "qwerty."

Dr Jeff Yan, co-author of a paper on password cracking and a senior computing lecturer at Lancaster University in the UK, compiled the list. He told the Daily Mail Online: "Why do [some] use such obvious passwords? A main reason I think is that they're either unaware of or don't understand the risks of online security."

"Just like everybody knows what one should do when red lights are on in the road, eventually everybody will know 123456 or the like is not a good password choice," he added.

Many of the other passwords in the database were made up of simple combinations of users' names, ages, and birthdates.

In addition to revealing the commonly-used passwords, the University researchers, along with those from China's Peking and Fujian Normal Universities, created algorithms that can crack passwords.

Based on attackers having access to different personal information, they guessed passwords for more than 73 percent of users' accounts. Even the more tech-savvy weren't safe; a third of their passwords were cracked within 100 guesses.

The best advice: use a password manager.

29 comments 234 likes and shares

Tech Jobs: Find the next step in your career

Related Stories

Featured on TechSpot