25 Worst Passwords of 2014 Are As Stupid As You Imagine

The last year has taught us lessons on digital security on multiple occasions. Be it the constant attacks by the Lizard Squad on PlayStation Network and Xbox Live or hackers leaking a comprehensive Snapchat database, the message has been loud and clear: nobody on the internet is ‘safe’. You would expect people to be extra cautious about their security as a result, right? SplashData has released its list of the most common passwords on the internet in 2014. Trust me, it tells a completely different tale: one of carelessness and laziness.

Let’s amuse ourselves with the rather embarrassing list:

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. qwerty
  6. 123456789
  7. 1234
  8. baseball
  9. dragon
  10. football
  11. 1234567
  12. monkey
  13. letmein
  14. abc123
  15. 111111
  16. mustang
  17. access
  18. shadow
  19. master
  20. michael
  21. superman
  22. 696969
  23. 123123
  24. batman
  25. trustno1

Believe it or not, the password ‘password’ took first place in the list of most common passwords in 2013. It might be a minor consolation for some to see that people have resorted to typing numbers instead. Interestingly, eight of the passwords in the list consist entirely of digits, and a few others are alphanumeric.

There is no denying that the password system requires an overhaul, but it’s baffling to see people putting their security at risk like this. It makes one question how difficult and time-consuming it really is to come up with a more ‘complex’ password that doesn’t straight up spell ‘password’, ‘dragon’ or ‘monkey’.

For the love of all that’s holy, you could even pick these absurd passwords and twist them so that they are not so obvious. For instance, those who are hell-bent on using ‘monkey’ could perhaps spell it backwards and add random numbers. Something like this: ‘y0e9k8n7o6m’.

Moreover, those adamant on using numbers could add random letters in there to make the password harder to guess. For instance: ‘u1h2g3k4l5’. Remember, this is the least you can do to save your identity from being compromised. If you are so frivolous about it all, you are simply inviting a hacker into your territory.
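
A signup-time screen a site could run against the list above, as an added example that is not from the article or from SplashData. The function name `blocklisted_core` and the "at least half of the candidate" threshold are assumptions made for illustration; it checks a candidate as typed and after undoing the twists described here (reversal, interleaved digits or letters).

```python
# The 25 entries from the list above.
COMMON = {
    "123456", "password", "12345", "12345678", "qwerty", "123456789",
    "1234", "baseball", "dragon", "football", "1234567", "monkey",
    "letmein", "abc123", "111111", "mustang", "access", "shadow",
    "master", "michael", "superman", "696969", "123123", "batman",
    "trustno1",
}


def blocklisted_core(password: str):
    """Return the listed password this candidate reduces to, or None.

    Hypothetical helper: a real deployment would use a much larger
    breached-password list, but the normalisation steps are the same.
    """
    s = password.lower()
    letters = "".join(c for c in s if c.isalpha())
    digits = "".join(c for c in s if c.isdigit())
    # A stripped form only counts if it makes up at least half of the
    # candidate, so a long random string containing "1234" is not rejected.
    cores = [s] + [c for c in (letters, digits) if len(c) * 2 >= len(s)]
    # Check each form as typed, then reversed.
    for core in cores + [c[::-1] for c in cores]:
        if core in COMMON:
            return core
    return None


if __name__ == "__main__":
    for candidate in ("Password", "y0e9k8n7o6m", "u1h2g3k4l5", "Tr4il-mix-9-quartz"):
        print(f"{candidate!r:22} -> {blocklisted_core(candidate)}")
```

Both sample passwords from the article reduce to entries on the list, which is why screening should normalise a candidate before comparing it.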


  • Saqib Hassan

    What to expect from common people?

    • Zulfiqar Chishti

      Ummmm, common sense :p

      • yorgus

        well said. please also add gonawazgo in the list

  • Eli Ehsan

    that’s why all of my passwords are in Roman sindhi.. :D crack that Baba Bholro..

    • Shahid Saleem

      Sorry but you lose. I read an article yesterday where one person had a phrase (not one word but several words) from a poem in Afrikaans and his account was safe for years but finally it was hacked. It was the passphrase to an online Bitcoin wallet so he lost lots of money.

      Do you think your roman Sindhi will save you??? Passwords are simply not enough.

      • Eli Ehsan

        yaar Shahid Saleem payee!! I was being cynical. But to go into the argument re “Passwords simply aren’t enough”! Then what do you propose we do? Clearly not all web spheres support “PHYSICAL SECURITY OPTIONS”, i.e. eye scans or facial scans or biometrics etcetera.. You’ve to give your best shot to at least make hackers do some effort to bypass your security, no?

  • Hazique Ali

    It’s because nowadays every Tom, Dick and Harry website needs a password, and it is not easy for a normal person to keep track of all passwords with their relevant websites. And I would never make a universal password for my Facebook or bank account and any website like ProPakistani. I am here to read some good stuff but don’t want to share my important password, so just to log in I insert 123456 sometimes or whatever. Don’t try this password, it was just an example :P

    • Shahid Saleem

      There are many password generators and storage systems. Some of them work with Chrome or Firefox in browsers. Some can be installed on your phones.

      Try 1Password for example.

  • Muhammad Aamir

    That’s why I use LastPass, all passwords are well protected with 50-100 complicated characters.

    • Shahid Saleem

      You have false security. Believe me, your password can be broken if the server does not use something like PBKDF2 to store your encrypted form of passwords.

      If you want real security use TOTP or HOTP:

      Time-based One-time Password Algorithm

      It is a FREE and OPEN standard and you can get clients for it that work on your desktop computer or on your phone (Android, iPhone, probably also Windows mobile). Anyone can implement it. It is not hard to implement on a server either. In fact, even Unix services like SSH can be protected with TOTP. Websites can get plugins to support it; I have seen WordPress plugins, for example.

      It is the same standard used by 2-Factor Authentication like what Google uses.

      • Muhammad Aamir

        Your idea sounds good but unfortunately I’m unable to understand how it is implemented. I haven’t ever heard of the words TOTP or HOTP in my life :D. If I don’t have an Android phone at the time to log in on a website, then what will I do? I have read many articles about that but I didn’t find a single desktop software that can perform this technique as you mentioned. Does it have the same speed to log in on a website as LastPass?

        I want to know the following things:

        1. Which software is required to implement the codes?
        2. Does it work without a phone?
        3. HOTP, in which the password doesn’t change, whereas TOTP seems more secure because it alters the password automatically, but how does it change automatically even if I sleep? Even if I don’t have an Android phone?
        4. Are its passwords protected on a cloud-based server like LastPass or somewhere else?
        5. Is it important to have an Android or Windows phone to use this exotic technology?

      • Muhammad Aamir

        Your idea sounds good but unfortunately I’m unable to understand how it is implemented. I haven’t ever heard of the words TOTP or HOTP in my life :D. If I don’t have an Android phone at the time to log in on a website, then what will I do? I have read many articles about that but I didn’t understand the logic, and I also didn’t find a single desktop software that can perform this technique as you mentioned. Does it have the same speed to log in on a website as LastPass?

        I want to know the following things:

        1. Which software is required to implement the codes?

        2. Does it work without a phone?

        3. HOTP, in which the password doesn’t change, whereas TOTP seems more secure because it alters the password automatically, but how does it change automatically even if I sleep?

        4. Are its passwords protected on a cloud-based server like LastPass or somewhere else?

        5. Is it important to have an Android or Windows phone to use this exotic technology?

        6. Can it work in real time to put my password into the box?

  • ProPakistani User

    Create your own headlines!! That’s copy paste from Mashable and other tech blogs.

  • Atifsh

    I want to know where these passwords have been obtained from. I use the simplest of passwords on things that don’t need security in my opinion; I want ease.
    For example, major email sites don’t accept 6 digits or just letters.
    I use 123456 / 12345678 for things like Netflix / Amazon app store and things like that, even Disqus. If these passwords are ending up in that security list, then this security list is not as conclusive or stupid as it seems now. I actually wanted them (passwords) simple and stupid.

  • Shahzad Mirza

    a common password among new user of facebook 123pakistan,123 pak, pakistan123, impakistani :P

  • ah han,..
    but you missed my password that I used as newbie of internet user.
    “abcd1234” :D

  • Pete Austin

    Do not try to remember passwords: anything memorable is also predictable. Use randomly-generated passwords and write them down, or use a password safe.