
2018 Top 25 Worst Passwords Revealed


No end of year would be complete without a top ten list and SplashData has just published their 8th Annual Worst Password list.

In their announcement, SplashData says:

“After evaluating more than 5 million passwords leaked on the Internet, the company found that computer users continue using the same predictable, easily guessable passwords. Using these passwords will put anyone at substantial risk of being hacked and having their identities stolen.

While terrible passwords such as “123456” and “password” continue in the #1 and #2 spots, respectively, President Trump debuted on this year’s list with “donald” showing up as the 23rd most frequently used password.”

Reading like a music chart, we see a new entry at number 8 for ‘sunshine’ while ‘admin’ drops one place from 11 to 12. The full top 25 are shown below:

Top 25 most used passwords in 2018

1     123456       (Rank unchanged from last year)
2     password     (Unchanged)
3     123456789    (Up 3)
4     12345678     (Down 1)
5     12345        (Unchanged)
6     111111       (New)
7     1234567      (Up 1)
8     sunshine     (New)
9     qwerty       (Down 5)
10    iloveyou     (Unchanged)
11    princess     (New)
12    admin        (Down 1)
13    welcome      (Down 1)
14    666666       (New)
15    abc123       (Unchanged)
16    football     (Down 7)
17    123123       (Unchanged)
18    monkey       (Down 5)
19    654321       (New)
20    !@#$%^&*     (New)
21    charlie      (New)
22    aa123456     (New)
23    donald       (New)
24    password1    (New)
25    qwerty123    (New)

SplashData estimates almost 10% of people have used at least one of the 25 worst passwords on this year’s list, and nearly 3% of people have used the worst password, 123456.

There is a more useful side to all this frivolity and head shaking for system administrators. SplashData is offering a free download of the 100 most used passwords it has discovered, which any security-minded administrator would be wise to load into their password blacklist if their systems support it. For more information go to: https://www.teamsid.com/100-worst-passwords/

By blacklisting certain words and strings, you can prevent your users from setting a well-known password that is easily guessed. Best practice is to use a password manager to generate strong and complex passwords for every login. Setting password blacklists provides a useful safety net for when the usual complexity rules cannot be enforced.
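As an added illustration (not code from SplashData or from this article's authors), the sketch below shows how a password-change check could apply the top 25 list above as a blacklist. The variant handling (case folding, stripping trailing digits and symbols, and the character substitution map) is an assumption that goes beyond what the article describes, and the sample inputs are constructed.

```python
import re

# Top 25 from the SplashData 2018 list above, embedded so this runs offline.
TOP_25 = """
123456 password 123456789 12345678 12345 111111 1234567 sunshine qwerty
iloveyou princess admin welcome 666666 abc123 football 123123 monkey 654321
!@#$%^&* charlie aa123456 donald password1 qwerty123
""".split()
BLOCKLIST = frozenset(TOP_25)

# Assumed substitution map (not from the article): common character swaps.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def blocklist_hit(password, blocklist=BLOCKLIST):
    """Return the blocklisted entry the password reduces to, or None."""
    lowered = password.lower()
    no_punct = re.sub(r"[^a-z0-9]+$", "", lowered)   # "abc123!" -> "abc123"
    base = re.sub(r"[^a-z]+$", "", lowered)          # "welcome2018!" -> "welcome"
    forms = (lowered, no_punct, base,
             lowered.translate(LEET), base.translate(LEET))
    for form in forms:
        if form and form in blocklist:
            return form
    return None


def screen(candidates):
    """Map each candidate to the entry that blocks it (None = accepted)."""
    return {c: blocklist_hit(c) for c in candidates}


if __name__ == "__main__":
    # Constructed sample inputs, as a password-change form might receive them.
    samples = ["123456", "Password2019!", "P@ssw0rd", "Sunsh1ne!",
               "Abc123!", "correct horse battery staple"]
    for candidate, hit in screen(samples).items():
        verdict = f"rejected (matches '{hit}')" if hit else "accepted"
        print(f"{candidate!r}: {verdict}")
```

The same function works unchanged with a longer list, such as the 100-password download mentioned above, passed in as the `blocklist` argument.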

How to configure password blacklists

For Windows, try Microsoft Azure AD, which now supports password blacklisting: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-configure

Or third-party solutions such as ManageEngine for traditional on-premises Active Directory systems: https://www.ManageEngine.co.uk/products/self-service-password/

On Linux, try the Pluggable Authentication Module (PAM): http://www.linux-pam.org/Linux-PAM-html/sag-pam_cracklib.html

 
