The 25 worst passwords of 2011

Larry Peterson

SPFG, Supreme Picture Framing God
Resource Provider
Joined
Apr 8, 2003
Posts
11,090
Location
Wilkes-Barre, PA
It seems like there lists of everything (thank you very much Mr Letterman). Not to be left out Smart Planet gives us the 25 worst passwords of 2011.

OK, people, fess up. Who among us has used one of these?

1. password
2. 123456
3.12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx (the two left columns on the keyboard)
24. michael
25. football

12717.strip.gif


510.jpg
 
We have passwords on our print ordering kiosks, mainly so we know when a person is done ordering. So when they ask for the password it's 1234. Always good for a chuckle.
 
Nope.... Not even Dragon! Never considered that word,yeah shocking ain't it? L
 
I was wondering where that came from! :)
 
letmein was an old nerd password back when very few things were passworded! Most of those passwords wouldn't pass muster for most systems!
 
I like letmein :) I think I may change mine to nien9nine :):)

See I can throw politics into a password thread :)

Here's a strong one for you Bob. Nice use of upper/lower case mixed w/ numbers & characters.

FairShare=100%


Ooops you better not use that because everybody will be able to guess it for you.:shutup:
 
Almost named my wireless "bad connection"... Just thought it might look amusing on that networks list. Password protected anyhow..long string of code too.. L
 
Jeff if people knew you they would never be able to guess your password of "Obama~2012"

Even better rated on Larry's link was PrezObama~2012

Feel free to use it Jeff :)
 
Turns out that one was being used by the VP already so the Secret Service has it blocked for all other use.:nuts:
 
Mine is "Ifurgotmypasswurd". However, I can never remember it.
 
Through my credit card processor, I can access reports and summaries on “Client Line”.

The problem is that their requirement are, IMO, a bit silly. It must be ten characters long; there can be no double letters (e.g. Bill); have at least one capital letter; and it must contain non sequential numbers.

That means I can’t use an easily remembered password, so I almost need to write it down … which, of course, defeats the whole purpose.

But, the real problem is that if I don’t log into Client Line at least every 14 days, they reset my log in information automatically, which means that I have to fill out a new applications with the merchant account #, T.I.N., routing numbers, credit terminal I.D., etc., each time. AND, my new password has the same requirements as before, but can’t be the same one I previously used.

It doesn’t make sense to me. No one can transfer money into or out of the account. All they can do is look up historical information. Such a complex sign in procedure seems to me to be way over the top.
 
I forced my credit card processor to send me paper statements, because try as I might, I could not get into their online system. While I was struggling to come up with a new password, the fleeting seconds they gave me before their temporary one would expire and I would have to start from scratch.

Grrrrr.....

So now, because it takes both them and my bank so long to post the monthly charges, I go for about a week and a half at the beginning of each month not knowing what my bank balance is exactly and filling out the register in pencil with an assumed number, which BTW, is always way off because they throw so many new charges in every month.

GRRRRR......
 
I saw on a TV game show once, they asked what was the most common password and the options were password, 123456 and iloveyou and they claimed it to be 123456. I have always seen password as #1 year after year.
 
It'd that time of the year. CNN just released their list of the worst passwords of 2012. http://www.cnn.com/2012/10/25/tech/web/worst-passwords-2012/index.html?hpt=hp_bn5

1. password
2, 123456
3. 12345678
4. abc123
5. qwerty
6. monkey
7. letmein
8. dragon
9. 111111
10. baseball
11. iloveyou
12. trustno1
13. 1234567
14. sunshine
15. master
16. 123123
17. welcome
18. shadow
19. ashley
20. football
21. jesus
22. michael
23. ninja
24. mustang
25. password1

Pretty much the same as last year except Jesus has broken the top 25 this year making an appearance at #21. Ninja, welcome and mustang have also made the list. Among those dropping of of the top 25 are qazwsx (the two left columns on the keyboard), superman,654321 and passw0rd.



 
Mine is easy..it's " Iforgetit" OH, OH, now I'll have to change it to "Iforgotit" since you all know it now.
 
The problem is that their requirement are, IMO, a bit silly. It must be ten characters long; there can be no double letters (e.g. Bill); have at least one capital letter; and it must contain non sequential numbers.

That means I can’t use an easily remembered password, so I almost need to write it down … which, of course, defeats the whole purpose.

Roboform takes care of both those problems for you.

You can generate passwords with certain parameters (you can't tell it to not use repeating characters, but you can just keep clicking "generate" as often as you like until you get a password that you want to use):

And, it will remember any password entered, by site, and automatically fill in username and pw when you go to that site. It will also store your name, address, bank and CC info for filling forms.

You can even use it as a sort of "favorites", as there is a toolbar in your browser and as you start typing it will show you a list of Passcards. When you see the one you want press Enter, and it goes to the page, fills in the fields and submits it for you.

It also has "Safenotes" - a place to store notes about anything, like maybe info that you need for a site but isn't a field that can be filled in and saved.

All this info is stored on your local hard drive and password protected by a Master Password. If you want, you can also set up an online account and have it synced to your computer, where you can also log in from any computer and access the info - handy for when you're at the in-laws and need something. You can also have it synced across multiple computers as well as handheld devices such as a phone or tablet.
 

Attachments

  • roboform.jpg
    roboform.jpg
    27.9 KB · Views: 34
So, do you guys have a lot of folks trying to break into your computer? Or your bank account? Or even your car?

I know crime is totally random, but am I more likely to be struck by lightning?
 
My Bad. I forgot to update this in 2012. I guess I was busy trying to remember the 3,456 passwords I use.

But we go for 2012, the worst passwords of the year from http://splashdata.blogspot.com/2014/01/worst-passwords-of-2013-our-annual-list.html

Rank Password Change from 2012
1 123456 Up 1
2 password Down 1
3 12345678 Unchanged
4 qwerty Up 1
5 abc123 Down 1
6 123456789 New
7 111111 Up 2
8 1234567 Up 5
9 iloveyou Up 2
10 adobe123 New
11 123123 Up 5
12 sunshine Up 2
13 1234567890 New
14 letmein Down 7
15 photoshop New
16 1234 New
17 monkey Down 11
18 shadow Unchanged
19 sunshine Down 5
20 12345 New
21 password1 Up 4
22 princess New
23 azerty New
24 trustno1 Down 12
25 000000 New


Some of the new ones have gotten really creative...............................NOT.
 
Rank Password Change from 2012
...
12
sunshine Up 2
...
19
sunshine Down 5
..
.

I'm guessing the author of the article was hacked and the blog changed. Maybe he needs a better password...
 
And nobody seems to learn. Here is the updated list for 2016

1 - 123456
2 - password
3 - 12345678
4 - qwerty
5 - 12345
6 - 123456789
7 - letmein
8 - 1234567
9 - football
10 - iloveyou
11 - admin
12 - welcome
13 - monkey
14 - login
15 - abc123
16 - starwars
17 - 123123
18 - dragon
19 - passw0rd
20 - master
21 - hello
22 - freedom
23 - whatever
24 - qazwsx
25 - trustno1
 
My passwords look like this, OH52k3V8odths I got fed up of my Microsoft passwords getting hacked, strangely enough nothing has been hacked since I went to this random system.
 
The best way I find for good passwords mixed with both letters, numbers and, for example #)%! is:

Using the key word "picture": P)I*C#T%U&R$e3 or P_I(C^T^U*r5e4 ....as as "reminder" for either or both of these, I would use "Pe"
Using the key word "vacuseal": V$A!C#U&S@E#A!l9 or V&A#C^U*S$E$A#l- ....as a "reminder" for either or both of these, I would use "Vl"
Using the key word "peterson": P)E#T%E#R$S@o9n6 or P_E$T^E$R%S$O)n9 .... as a "reminder" for either or both of these I would use "Pn"
one more.... "encyclopedia" E#N^C#Y^C#C#O(P)E#D#I*a1 or E$N(C^Y&C^L_O)P_E$D%I(a3

If a password had to be WITH number(s) and without +_)(*&^%$#@!, "picture" would be p0i8c3t5u7r4e3

Type these out and you will see they all have a certain pattern. (Hint: The difference for example between P)I*C#T%U&R$e3 and P_I(C^T^U*R%e4 is "left" or "right"...)

Getting in the habit of using any kind of "pattern" to make and remember it is simple. "picture" can also be "P)I*C#t5u7r4e3" or "p0i8c3t5U&R$E# or.......

(The longer the word, the more secure you password would be.)
 
Unfortunately there are no universal standards for passwords. The number of characters and types of characters vary widely. Some require upper and lower case, some don't. Some require special characters, others don't and some restrict special characters to a specific set. Some require numbers, some don't. Most have limits on the number of characters.
 
Any password can be hacked with decryption software. All of those special characters and numbers are simply ASCII codes just like any letter. The only thing that slows hacking down is the number of characters. A sentence that you can remember is just as valid as those random character passwords.
 
And here's an uplifting thought ... encryption's root word is crypt.
 
I use Roboform password manager. It has a generator where you can select the length and complexity (Upper Case, lower case, digits and Special Characters [and you can select which SCs you want, which is good, since some sites limit which ones are acceptable]).

I generally use 12 characters as long as the site supports it.

While I understand that all characters are just that, my supposition for making the password as complicated as possible is that many hackers will likely take the route of least resistance: words and short common phrases such as those in the "most common passwords" list. For one, it would seem foolish to me to go right to checking "e$Fa_%4D" rather than "password".

While I use the password generator for most things, I do use easier to remember passwords for things where the password manager is not always easily accessible (for instance, if I want to be able to log in from a public computer, or sites that use pages/forms that are not recognized by Roboform and it won't save info). What I do is use a combination of numbers and words, and mix up the case. For instance, if I wanted to use my car as a password my 2006 Porsche Boxster could become 2)poRSchboXSteR)6.
 
threeredapples

** The password must contain at least one UPPER CASE letter.

Threeredapples

*** The password must contain at least one number.

3redapples

** The password must contain at least one UPPER CASE letter.

3Redapples

** The password must contain at least one non-standard character

3/Redapples

** The password must be at least 12 characters

3/Red++++apples

** The password must not spell a word


3/Reed++++appalls

** The password must not contain consecutive characters

3/Re&ed+&+&+&+ap&pal&ls

** The password must not contain an ampersand

3/Re$ed+£+*+~+ap<p>a>l>lshapeenow?

*** That password is already in use.

:(
 
And here we go with the list for 2018. Anyone seeing a pattern here. Must be a few republicans using #23.

1. 123456
2. password
3. 123456789
4. 12345678
5. 12345
6. 111111
7. 1234567
8. sunshine
9. qwerty
10. iloveyou
11. princess
12. admin
13. welcome
14. 666666
15. abc123
16. football
17. 123123
18. monkey
19. 654321
20. !@#$%^&*
21. charlie
22. aa123456
23. donald
24. password1
25. qwerty123
 
Time for a 2020 update from PCMag.

  1. 123456
  2. 123456789
  3. picture1
  4. password
  5. 12345678
  6. 111111
  7. 123123
  8. 12345
  9. 1234567890
  10. senha
  11. 1234567
  12. qwerty
  13. abc123
  14. Million2
  15. 000000
  16. 1234
  17. iloveyou
  18. aaron431
  19. password1
  20. qqww1122
 
Wow the bad passwords havent changed much. Of course most sites now require 8+ chars with a mix of upper and lower, numbers and letters, special symbols, etc. The annoying part is when they require you to change the passwords every couple months, with something you never used there before. ha
 
I use Roboform to create and store my passwords. But even that is a hassle for two primary reasons.

  1. Some sites have password requirements that are a real pain. Like, must contain letters, numbers and special characters !@#$%^&*. So I have to put that into my password generator, when the next site requires (only) %^&**()_. Yet others don't differentiate between upper and lower case.
  2. Some (thankfully, very few) don't have recognizable fields. So Roboform can't fill them. I have to open Roboform, find the site name and then drag or copy/paste the username/passwords.
That said, I am 90+% satisfied with Roboform. It has centralized storage and is multi-platform compliant. So I can add a login on my PC and use it on my Mac or iPhone. If I'm at a friend's with no device I can log into a website and get the info. Additionally it has "Safenotes" which are free text entries for whatever you want. This is mostly helpful for sites that have been set up with non username/password defined fields. But I also have Safenotes for things like our local computer network logins, my families' SSNs, security question/answers, etc. Lastly, it has the ability to save credit card and bank account data, which makes filling out online orders much faster and easier.
 
Why hassle with Roboform when it is all nicely arranged in your MacOS for free? As Vic noted, we have no more worries about passwords and it is all safely stored in your personal Keychain/vault and works flawless at all your iDevices. I use as less third party apps as possible to keep my system pure and clean and to keep sucking "sniffers" like Whatsapp, Instagram and Zoom away from me. People have no idea that those apps snif in your mail, your photo's, your contacts, your geographical movements and your system. I never store/safe my creditcard data anywhere else as in my own wallet.
 
I don't have to remember mine. The websites keeps telling me "Your password is INCORRECT"
So I just enter INCORRECT and it works every time :D
 
Back
Top