2016’s Worst Passwords Are In, And The Results Are Embarrassing.

It’s that time again, where, with a whole new year’s worth of uncertainty ahead, we collectively look back on the past year and face just how terrible we really were….at coming up with secure passwords.

Last year, SplashData did the dirty work, but this time around it was the security team at password manager Keeper who stepped up to the plate to bring us The Worst Passwords of 2016. The results? Just as terrible as we’ve come to expect.

 The list, culled from more than 10 million passwords that became public through data breaches that happened in 2016, identified the year’s 25 most common passwords, which were:

1. 123456
2. 123456789
3. qwerty
4. 12345678
5. 111111
6. 1234567890
7. 1234567
8. password
9. 123123
10. 987654321
11. qwertyuiop
12. mynoob
13. 123321
14. 666666
15. 18atcskd2w
16. 7777777
17. 1q2w3e4r
18. 654321
19. 555555
20. 3rjs1la7qe
21. google
22. 1q2w3e4r5t
23. 123qwe
24. zxcvbnm
25. 1q2w3e

That’s right, 123456 took the top spot, again. Keeper identified 1.7 million accounts using the perennial favorite—just about 17 percent of the 10 million hacked accounts studied.

“Looking at the list of 2016’s most common passwords, we couldn’t stop shaking our heads,” says the Keeper team.

“The list of most frequently used passwords has changed little over the past few years,” Keeper wrote in a blog post. “That means that user education has limits. While it’s important for users to be aware of risks, a sizable minority are never going to take the time or effort to protect themselves. IT administrators and website operators must do the job for them.”

So how can we do better in this brave new year of 2017? Keeper offered up a few basic tips:

1. Use passwords or passphrases of with “a variety of numerical, uppercase lowercase and special characters.”
2. Avoid dictionary terms. Using simple words can open you up to dictionary cracks, which test common passphrases such as those found in Keeper’s list, then move through the whole dictionary, says Keeper.
3. Use a password manager.

Here are a few additional obvious tips that I would add:

• Avoid using the same password over and over again on different websites
• And, for god sake, enable two-factor authentication where ever possible.

Check out Keeper’s full study here for additional results and analysis.