The Worst Passwords of 2015 Are Just as Terrible as You Thought

SplashData’s 2015 edition of “Worst Passwords of the Year” is out and the results are just as terrible as you’d expect. The list is compiled from more than 2 million leaked passwords during the year, mostly from European and North American users of the TeamsID password manager and is released to “encourage the adoption of stronger passwords,” according to SplashData’s post.

For the fifth year running, “123456” and “password” take the top spots on the list of the 25 most common bad passwords, as they have since the list’s inception in 2011, proving just how often laziness and personal convenience trump security for users.

As in past years’ lists, simple numerical passwords remain common, with six of the top 10 passwords on the 2015 list comprised of numbers only.

Other popular choices this year were sports, such as “football” and “baseball.” One notable newcomer to the list was  “starwars,” ranked as the 25th most popular breached password, likely due to buzz over the release of the newest addition to the franchise, “Episode VII: The Force Awakens.”

SplashData has noted that some users have at least attempted to make passwords more secure, but that many of these efforts have been based on simple patterns that do little to deter would-be hackers.

“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” said Morgan Slain, CEO of SplashData. “As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”

SplashData offers three simple tips to help people protect themselves:

  1. Use passwords or passphrases of twelve characters or more with mixed types of characters
  2. Avoid using the same password over and over again on different websites
  3. Use a password manager to organize and protect passwords, generate random passwords, and automatically log into websites

Check out SplashData’s Infographic for a full overview of their findings:
TeamsID-IG-Worst-Password-V3

Jeff Edwards
Follow Jeff

Jeff Edwards

Editor, Cybersecurity at Solutions Review
Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff