Does your company follow password policy best practices?  We often say that some companies spend millions of dollars on cyber security tools, but then forget about setting up the basics.

For the last several years, a company called SplashData conducts an analysis of hacked passwords that are found in various pockets on the web and dark web.  They tally up the most used simplistic passwords that are found in millions of passwords they analyze.  Some are new to the list, such as ‘donald‘, but there are many that are on the list every…single…year.

In today’s world of almost daily data breach announcements, lost financial information, fraudulent credit card charges, etc. you would think that people would finally switch to a complex password.  Once again, common sense is not common, I suppose.

The list of top 25 passwords SplashData tallied is below.  Hopefully your password is not on this list.

Here is the list:

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou
  11. princess
  12. admin
  13. welcome
  14. 666666
  15. abc123
  16. football
  17. 123123
  18. monkey
  19. 654321
  20. !@#$%^&*
  21. charlie
  22. aa123456
  23. donald
  24. password1
  25. qwerty123

Forward this page to your colleagues, friends, and family and have them check it for their passwords.  For businesses, there is an easy way to enforce the usage of complex passwords via settings on the server.  Most companies have that setting in place, but if yours does not, just ask your IT partner to plan and implement it, after communicating the upcoming change to your employees, of course.

Strong, complex and unique passwords are crucial to protecting your information and your company, but because the bad guys have automated tools to crack passwords, it is also important to have multi-factor authentication (MFA) that combines your password with a one-time code that you see on your phone or other device.   We have covered that in the past and will be publishing an updated post on MFA at the beginning of the new year.

Need assistance with setting up a new access management strategy at your firm?  Give us a call or use our contact form and we will help you improve the security of your company.