How are Star Wars and the Numbers 1-6 Related?

March 1, 2016 at 12:11 PM

If you guessed that they are some of the worst passwords used in 2015, you would be correct! The 2015 annual list of the worst passwords used by individuals has been released, and coming in at #1 again this year is "123456". Coming in at #2 was everyone's favorite: "password". The shame of the matter is that, according to SplashData, both remain unchanged in position, meaning that they held those same exact spots in 2014. Amazing!

We often look at Information Security as driven by technology, which is very true. However, you can have all the latest and greatest technology in the world implemented in your organization, but if your users have passwords of 123456 and password, that technology probably isn't going to matter much in the grand scheme of things. It has been said that people remain the weakest link in an organization's Information Security Program, which is true for many reasons, but the use (or lack thereof) of appropriate, challenging passwords has to be one of the most obvious instances. For more verification on this, let's look at the entire list of the 25 worst passwords of 2015 in order:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx (See what they did there?)
  16. dragon
  17. master
  18. monkey
  19. letmein (Again, see what they did there?)
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

If we look at this list a little closer, particularly the top 10 worst passwords of 2015, 60% of these are just numbers. No special characters. No letters. No punctuation. Just numbers. This has brute force attack written all over it and for good reason; it's just too easy!

That's the bad news. The good news is that this can be fixed through a variety of different tactics. First, have your employees, all of them, go through Security Awareness Training at least annually. Second, refresh this material at quarterly meetings or through company newsletters. Third, have a strong Password Policy that requires frequent changes and combinations of lowercase letters, uppercase letters, numbers, and special characters. Your employees may hate you for this, but at least your organization's information will be a little more secure. Fourth and finally, "test" your employees through Social Engineering Assessments to see what passwords they use, where they store those passwords, and how easy it might be to guess or find their passwords.
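A character-class rule on its own still accepts passwords such as "Passw0rd!" that are built on an entry from the list above. The following Python check is an added example, not part of the original post: it pairs the four character classes named in the policy with a blocklist made from the 25 listed passwords. The look-alike substitution table, the function names, and the sample inputs are assumptions constructed for illustration.

```python
import string

# The 25 worst passwords of 2015, in the rank order given in this article.
WORST_2015 = (
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
)
# Assumption (not from the article): look-alike substitutions undone before matching.
LEET = str.maketrans("013457@$!", "oleastasi")
# Decoded form -> listed password; on a collision the higher-ranked entry wins.
DECODED = {w.translate(LEET): w for w in reversed(WORST_2015)}

def blocklist_match(pw):
    """Return the listed password that pw is built on, or None."""
    low = pw.lower()
    ends = string.punctuation + string.digits
    for variant in (low, low.strip(string.punctuation), low.strip(ends)):
        hit = DECODED.get(variant.translate(LEET))
        if hit:
            return hit
    return None

def missing_classes(pw):
    """Character classes required by the policy above that pw lacks."""
    checks = {
        "lowercase": str.islower,
        "uppercase": str.isupper,
        "number": str.isdigit,
        "special": lambda c: c in string.punctuation,
    }
    return [name for name, test in checks.items() if not any(map(test, pw))]

def screen(pw):
    """Return the reasons to reject pw; an empty list means it is accepted."""
    reasons = [f"missing {c}" for c in missing_classes(pw)]
    if pw.isdigit():
        reasons.append("digits only")
    hit = blocklist_match(pw)
    if hit:
        reasons.append(f"built on listed password '{hit}'")
    return reasons

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real account.
    for pw in ("123456", "Passw0rd!", "Starwars2015!", "Tr4verse-Quiet-Lantern9"):
        print(pw, "->", screen(pw) or "accepted")
```

Run at account creation and password change, a check like this turns the list above into an enforced rule instead of a training slide.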

For some tips and best practices, and in some cases what not to do, download our Best Password Tips Checklist. Print it out, give it to your staff, and build a culture of security in your company!