A password management specialist has, with the unwitting assistance of Adobe, published an updated list of the worst passwords of 2013 - with 'password' losing its long-held first place.
SplashData's annual Worst Password list shows the classic 'password' being dethroned by '123456' by apparently unimaginative Adobe customers.
The Adobe security breach of 2013 was bad news for the company and its customers: originally thought to cover the data of some three million users
, the attack was later discovered to have resulted in around 150 million records
being made public - including badly-protected passwords and unprotected password hints. Science-themed web comic xkcd described it as the greatest crossword puzzle in the history of the world
, but the breach did have one benefit: allowing security researchers a glimpse into the thought process of the common user.
Password management specialist SplashData has used that to boost the accuracy of its annual Worst Passwords list, profiling the top 25 most commonly-used passwords from the leak and mixing it with its own existing corpus. Perhaps the most interesting result: the all-too-obvious choice of 'password' has been dethroned, with the equally insecure '123456' taking its place as the most commonly used password. Other highlights from the list, which is available in full from the company's website
, include 'qwerty,' 'admin,' 'letmein,' and - unsurprising given the heavy Adobe focus of the password corpus - 'photoshop.' Sadly for fans of 1995 feature film Hackers
, 'love,' 'secret,' 'sex' and 'god' do not make the list.
SplashData's advice - beyond signing up to use its SplashID Safe service, naturally - is to use passwords of at least eight characters with mixed character types, and to avoid the common entropy-boosting method of 'l33tsp34k' where letters are swapped for similarly-shaped numbers, and where supported to use passphrases rather than passwords.