"Password" Is No Longer the World's Most Common Password, But the New One Isn't Any Better

Enter your bad password. Image: Flickr

Seeing how concerns about personal privacy and security rose to a fever pitch in 2013, you'd think that we would have become just a teensy bit more cautious about the kinds of passwords we use on our various devices and services.

Well, apparently not. Security firm Splashdata just released its annual "worst passwords" list. The good news? After two years as the most common crummy password, "password" was dethroned. The bad news? It was replaced by the equally ineffective "123456," 2012's number two worst password.

The full list is as follows:

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
21. password1
22. princess
23. azerty
24. trustno1
25. 000000

These are only the worst passwords, mind you. Splashdata said in a press release that the top 25 offenders were "compiled from files containing millions of stolen passwords posted online during the previous year." The list was invariably skewed heavily towards Adobe passwords because of the massive security breach that revealed some 130 million passwords from that service, which helps explain why terms like "adobe123" and "photoshop" made it so high up this time around. Following Adobe's high-profile hack last fall, the security firm Stricture Consulting Group revealed that "123456" was the number one most common password from the breach by a long shot.

What SplashData's new report ultimately goes to show, however, is that while terrible passwords may wax and wane in their popularity, they will always continue to be, well, terrible. In 2010 (a year before SplashData started publishing its findings), after all, the security firm Symantec found that "123456" was the most common crappy password for that year. And two steps below "123456" on SplashData's report was "12345678," just three steps below the infinitely more complex "123456789." Which can only lead to the ultimate question of why so many people continue to use these kinds of passwords and expect any modicum of legitimate security in the first place.

"As always, we hope that with more publicity about how risky it is to use weak passwords, more people will start taking simple steps to protect themselves by using stronger passwords and using different passwords for different websites," SplashData CEO Morgan Slain said in a statement.

See more on security and passwords:

Motherboard Meets Bruce Schneier

It's Finally Time for the Password to Die

Your LinkedIn Password Is On Display in a Museum in Germany