U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Crypto

Which are the worst passwords of 2015?

SplashData has published its fifth annual report on most used passwords in 2015, including the list of the Worst passwords of the year. For the fifth time, experts from the SplashData security firm have published a report, titled “Worst Passwords of 2015”  that analyzes the use of passwords in 2015. The researchers compiled the annual report with data […]

Which are the worst passwords of 2015?

SplashData has published its fifth annual report on most used passwords in 2015, including the list of the Worst passwords of the year.

For the fifth time, experts from the SplashData security firm have published a report, titled “Worst Passwords of 2015”  that analyzes the use of passwords in 2015. The researchers compiled the annual report with data related more than two million leaked passwords during 2015, mostly held by users in North America and Western Europe.

I tell you now that nothing has changed and that despite the awareness of cyber threats is increased, users continue to make the same errors adopting weak and predictable passwords

The most used passwords were “123456” and “password,” exactly the same since 2011! Also in 2015 users used simple numerical passwords, with six of the top 10 passwords on the 2015 list comprised of numbers only.

Some users have started using new and longer passwords in an attempt to improve their security, or simply because websites forced them to do so, however are still easy to guess.

“We have seen an effort by many people to be more secure by adding characters to passwords, but if these longer passwords are based on simple patterns they will put you in just as much risk of having your identity stolen by hackers,” explained SplashData chief executive Morgan Slain.

“As we see on the list, using common sports and pop culture terms is also a bad idea. We hope that with more publicity about how risky it is to use weak passwords, more people will take steps to strengthen their passwords and, most importantly, use different passwords for different websites.”

Let me show you how users’ worst passwords have evolved in the last three years:

Worst Password Infographic-2013-rev011814

Below the situation in 2014

Worst Passwords 2014

And in 2015, the list included the following strings:

worst passwords 2015_ 2

 

Sports remain a popular password theme, but this year “football” has overtaken baseball, clear change of the Americans’ passions.

Very common are also terms used in the Star Wars saga, for the fist time in the list of worst passwords list we see terms like “starwars,” “solo,” and “princess.” Other novelties respect the 2014 list are “welcome”, “login” and “passw0rd.”

Below the complete list of the worst passwords of 2015, is you are using one of them is time to change it!

Rank Password Change from 2014
1 123456 Unchanged
2 password Unchanged
3 12345678 Up 1
4 qwerty Up 1
5 12345 Down 2
6 123456789 Unchanged
7 football Up 3
8 1234 Down 1
9 1234567 Up 2
10 baseball Down 2
11 welcome New
12 1234567890 New
13 abc123 Up 1
14 111111 Up 1
15 1qaz2wsx New
16 dragon Down 7
17 master Up 2
18 monkey Down 6
19 letmein Down 6
20 login New
21 princess New
22 qwertyuiop New
23 solo New
24 passw0rd New
25 starwars New

If you want to have more information on the topic give a look to the “Worst passwords ebook” published by the company

Pierluigi Paganini

(Security Affairs – Worst passwords, Spash data)