Many passwords are so bad they don’t even need to be hacked

“While a lot of attention is given to high profile account breaches, the truth is many passwords are next to useless because of their simplicity,” Ina Fried reports for Re/code.

“Each year, SplashData releases its list of the worst passwords. Many atop the latest list are repeat offenders, such as the top two, ‘123456’ and ‘password,’ which were also atop the prior year’s list,” Fried reports. “Two new passwords in the top 10 are ‘696969’ and ‘batman.’”

Fried reports, “Sports teams, popular children’s names and curse words are all well represented in the list of the 100 most common passwords, as are sequential keys on the keyboard.”
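As an added example, not code from Re/code, SplashData or MacDailyNews, the following Python check rejects the kinds of passwords the article describes: entries from a common-password list, sequential keyboard keys, single repeated characters, and team/name/curse-word dictionary entries (including when a digit or symbol is tacked on, as in "Batman1!"). The list contents are constructed stand-ins; a real deployment would load SplashData's full published list or a breached-password corpus.

```python
import re

# Constructed sample: the four passwords the article names from SplashData's list.
# A real deployment would load the full list (or a breached-password corpus).
WORST_PASSWORDS = {"123456", "password", "696969", "batman"}

# Constructed sample of the word categories the article names (sports teams,
# children's names, curse words); only a few illustrative entries here.
COMMON_WORDS = {"yankees", "lakers", "michael", "jessica"}

# Physical keyboard rows, used to catch sequential-key passwords such as "qwerty".
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def normalize(pw: str) -> str:
    """Lowercase and drop digits/symbols so 'Batman1!' is compared as 'batman'."""
    return re.sub(r"[^a-z]", "", pw.lower())


def is_keyboard_sequence(pw: str, min_run: int = 4) -> bool:
    """True if the whole password is a run of adjacent keys on one row, in either direction."""
    p = pw.lower()
    if len(p) < min_run:
        return False
    return any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def is_repeated_char(pw: str, min_len: int = 4) -> bool:
    """True for passwords such as '111111' or 'aaaaaaaa'."""
    return len(pw) >= min_len and len(set(pw)) == 1


def weaknesses(pw: str, min_length: int = 8) -> list[str]:
    """Return the reasons a password should be rejected (empty list = acceptable).

    Checks run on both the raw password and its normalized form, so appending a
    digit or changing case does not get a denylisted word past the check.
    """
    reasons = []
    if len(pw) < min_length:
        reasons.append("shorter than %d characters" % min_length)
    if pw.lower() in WORST_PASSWORDS or normalize(pw) in WORST_PASSWORDS:
        reasons.append("on the common-password list")
    if normalize(pw) in COMMON_WORDS:
        reasons.append("dictionary word (team, name or curse word)")
    if is_keyboard_sequence(pw):
        reasons.append("sequential keyboard keys")
    if is_repeated_char(pw):
        reasons.append("single repeated character")
    return reasons


if __name__ == "__main__":
    # Constructed candidates, including the entries the article quotes.
    for candidate in ("123456", "Password1", "qwerty", "Batman!", "111111",
                      "Yankees99", "correct horse battery", "696969"):
        verdict = weaknesses(candidate)
        print("%-22s -> %s" % (candidate, ", ".join(verdict) or "ok"))
```

The denylist and pattern checks are what catch the passwords on SplashData's list; composition rules alone ("one digit, one symbol") do not, since "Password1" satisfies most of them.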

Read more, and see the current top 10 of bad passwords, in the full article here.

MacDailyNews Note: Once again: Too many people use one password for multiple services and weak passwords at that. Once hackers guess that password, they then have access to all sorts of things: cloud storage, bank accounts, Facebook, Twitter, email, etc.

Always use unique passwords and use Apple’s Keychain Access and iCloud Keychain to create and manage them. When used properly, it works like a dream.

16 Comments

      1. Melvin, truly you ARE such an attractive man! You should have more confidence in yourself... if you would just find that certain “someone” to shower you with that tender, caring manlove you so desperately desire... perhaps, only then would you end your hating hatred and playground bullying. Remember Melvin, each journey begins with a single step. You can make that step.

  1. Unique, generated passwords are great until apps from the App Store ask you to fill it in rather than use the keychain or, better yet, the fingerprint reader. Then you’re sitting there staring at the screen like a cow looks at an oncoming train, trying to remember the gobbledygook.

  2. Many years ago I used to freelance at a company where you needed to choose an 8-letter password with at least one digit and at least one letter in it. One day when I encountered minor problems with a corrupted file and phoned the guy from IT support, he offered to remotely investigate for me if I told him my password, so I said “my password is eight asterix”.

    He then adopted a very patronising tone and told me that everybody’s password looks like that on the screen, but I insisted that my password really was what I said. He then got super patronising and explained that only letters and numbers would have been allowed anyway, but I repeated that my password really was as I said and told him that it works perfectly.

    He eventually came downstairs into the office that I was working in and watched as I typed 8ASTERIX and logged onto the system.

    For some reason, he didn’t think it was in any way amusing.

  3. I couldn’t even tell you what a vast majority of my passwords are. Where it is the most important to me, passwords are the least of anyone’s problems. Dual factor… Got to love it.

    Microsoft is the most difficult: not only do they have dual factor, they have a temporal 30-day wait to make changes. That is, I accidentally typed the wrong email address, missing one letter, for second-factor authentication. Then to correct it, I had to wait 30 days for the changes to take effect, hoping the poor sap at the wrong address doesn’t screw with me. During the 30-day period, they spammed all associated email addresses about this pending change, asking whether it was really me that made the request.

    Apple is the best: with a complex key, combined with dual factor, you can solve most of their authentication-related problems. Just don’t lose that key.

    A thought:
    How about Unicode double-byte character passwords, which include smileys? How hard would that be to brute force? Does anyone ever bother guessing Chinese passwords?

  4. Apple Keychain Access works fine on my iMac, but yesterday I downloaded the Orbitz app, typed in my user name and nothing. No Apple access password. Needless to say, I went back to a manual password. No Continuity here.

  5. What drives me nuts are low-security web services (say, a forum) insisting on high-security rules. Such as demanding a certain complexity (one number and one special character, or lower and upper case, etc.) and asking for the password every few months, which is seldom enough for the user to forget it, and not often enough to make the user remember it. To boot, they never tell you the rules until AFTER you get to the point of typing in a new one and have already violated the rules once.

    On such low-security sites any password, even a simple one, would be sufficient, as long as it is unique to the site. But the rules, since they vary from one site to the other, make it difficult for users to come up with a simple, memorable password for each site.
