dave

January 21st 2014 2:59 pm

The most popular passwords from 2013



If there's one "benefit" to countless databases containing encrypted passwords being compromised, it's that we can do some pretty neat analysis on what the most popular passwords that we use are. Is your password on the list up above? If so, you should probably change it. ;)

This also brings up a really interesting point: do you use some sort of password management application such as 1Password, Lastpass, Apple's built-in keychain, or something else? It's something I've been a huge supporter of and have tried to convince many friends and family to use. The benefit is that you can easily generate site specific passwords that are basically a random string (e.g., "gViU2mO0rXo"). Your password management app remembers this for you and all you need to do is enter a master password to unlock it and log in (of course if your master password is compromised, you're screwed).

Interestingly enough, I've also started using a password manager for security questions on websites. The questions and answers are often stored in plaintext and are easy enough to scrape if a database is compromised. It takes some extra work, but it's some nice peace of mind!

Interestingly enough, I once had to cancel an account with some credit check website and they required me to call in. To verify my identity, they asked for my mother's maiden name, which for this website I had listed as "Who-Da-Pew-Chili." The nice lady was like, "Wow, that's a unique name..." But hey, it matched what I entered when I signed up with them! (The nice folks behind 1Password actually break this down: blog.agilebits.com/2012/08/11/blizzard-and-insecur...)

Via: 9to5mac.com/2014/01/20/the-worst-password-of-all-i...

9 replies
flackend

Ok. It looks like Adobe's compromise is really affecting that list..."photoshop", "adobe123"....
2 like dislike
TgD

My Twitter account was compromised this morning (I don't actively tweet) and my password wasn't on that list. It was running an old 6 character alphanumeric though, so I deserved it.

I try and use 2-step authentication though whenever I can, as long as they are willing to send me an SMS for it (i.e., not app-based). That way I can feel a bit safer even if my passwords are compromised.

1 like dislike
dave

That's a great point. I've had a hell of a scare when I restored my iPhone and realized the Google Authenticator app didn't keep my credentials. Thought I was locked out of my account until I realized I had also set it up on my iPad.
0 like dislike
TgD

I did use Google Authenticator as well, but it is inconvenient if you like switching around phones often, especially if you are trying out a Windows Phone. Thankfully Google will send an email or SMS.

Also I keep the backup codes printed out and hidden somewhere, so if all technology fails me, I can still get in.
0 like dislike
frankspin

Switch to SMS based. It can be annoying the first go around but makes life much easier in the long run.
0 like dislike
frankspin

Regarding the strength, I believe Ars Technica wrote about how the compromises of so many large-scale companies are leading to stronger dictionaries. Even though they already know all the common phrases, by getting access to more complex passwords and words hidden by symbols and numbers, it's allowing "crackers" to better equip the software.
0 like dislike
frankspin

Those are the same passwords I use on my luggage.
0 like dislike
Dignan17

While I agree that this list is scary, I'd observe that a lot of the time the sites being compromised are the type where users don't actually care about their accounts. Sometimes they're trying to get through the account creation as fast as possible just to get to doing what they came there to do.

For example, we got a lot of data like this from the Gawker attack a while back, and we saw some of the same stuff. In that case, people were often just going through the account creation as a formality so they could get in and write a comment. They could care less if their account was hacked.

I'm willing to wager that an extremely small number of the people using the passwords in this list are also using them for things like online banking or their Amazon account.

I often feel the same way about these types of sites, but I still use Lastpass for everything because it's just easier. Lastpass (and these other password managers) are one of the first times where being more secure is actually easier. I don't know my password for any services I use, and I never have to enter anything but my Lastpass password whenever I log into anything on my computer or my phone. It's so much better than storing things in the web browser.

P.S. I'm not saying that all of the hacked sites are low-priority sites, but I think it represents most of these common passwords. Even with Adobe, that includes a lot of people who are just creating accounts to post on their forums and have never bought any software from them.
0 like dislike

This post has been removed.

shohelbd92

I think this post opens our eyes so that we never use this type of password.
We should use more complex passwords.
ERP Software Bangladesh
0 like dislike
This discussion has been viewed 3225 times.