“123456” topped the list of most-leaked passwords in 2016, a spot it’s held for several years.
And the Oscar for the worst password of 2016 goes to… “123456.”
Denizens of the Internet are frequently admonished that their passwords aren’t secure enough and that they must create better ones, but a list of 25 of the most-hacked passwords suggests that many of them aren’t heeding the warnings.
The top two spots on the list, compiled by SplashData, have remained unchanged for three years in a row. “123456” topped the list, while “password” came in second. Rounding out the top five this year were “12345,” “12345678,” and “football.” The rest of the list is littered with variations on the top two, including “passw0rd” and “password1.”
“Making minor modifications to an easily guessable password does not make it secure, and hackers will take advantage of these tendencies,” SplashData CEO Morgan Slain said in a statement.
This year’s list shows a marked decrease in sports-related words.
Although “football” was the fifth-most common leaked password, it was the only sports term on the list. Meanwhile, new appearances on the list include “hottie,” “loveme,” and “flower.”
SplashData, which makes password management apps like SplashID, compiled its list from more than five million passwords that were leaked during 2016.
“Our hope is that by researching and putting out this list each year, people will realize how risky it is to use these common logins, and they will take steps to strengthen their passwords and use different passwords for different websites,” Slain said.
A report last week from rival password manager maker Keeper Security analyzed twice as many leaked passwords but corroborated SplashData’s finding that “123456” was the most frequently leaked.