Every January, the password manager service Splashdata issues an annual list of the worst passwords from the previous year. For your amusement—or horror—here is 2015's list, selected from several million compromised passwords. But first, a friendly reminder.
If, shockingly, one of the passwords listed below matches one you currently use, change it immediately, unless you'd prefer to get hacked, in which case, carry on. Short passwords in general are hacked in minutes by simple brute-force attacks. In 2013, Ars Technica commissioned hackers to discover passwords through standard techniques. For six-character passwords, one hacker found 1316 passwords in just two minutes and thirty-two seconds! Someday biometrics like fingerprints or voice recognition might replace passwords, but until then please follow the password construction guidelines.
Additionally, don't use the same password for multiple sites. The reason is simple enough: every time you sign up for some Web-based service, free email account, or anything else, you set up a username and password. If that site is compromised or its creators are less than honorable, you might have just revealed the key to many of your other, more important accounts.
Finally, never, ever give out your NAU password.
And now, 2015's list of the 25 Worst Passwords of the Year.
There is a certain beauty in the persistence of "123456" as the number one bad password, a beauty that any Internet gangster must consider sublime. The most interesting addition to the list is the "1qaz2wsx" password, wherein one simply uses the left hand to vertically traverse the keys, perhaps inspired by smart phone keypad codes which also tend to run in linear patterns either up or down.
Password manager programs can help you both manage your many accounts, and maintain the highest level of security. They can generate the best random secure passwords, given a set of criteria to meet any situation, and with the right program, you only need to remember a single password in order to access all of the others. Many password managers can also fill in login data for you once you are authenticated, saving you the painful task of typing dozens of random characters exactly right to access your accounts. Some of the most popular are LastPass, 1Password, LogMeOnce, Dashlane, and StickyPassword. Do some research and you might find your life has just become easier and much, much more secure.