If you want to keep your accounts secure, it is probably best not to use the word password as your password. However, you could do worse according to a list of the worst passwords of 2015 that has recently been published. 123456 is a much worse choice.

The list of the worst passwords of 2015 would be comical were it not for the fact that so many people actually use these words, phrases, and numerical sequences to (barely) secure their accounts. Send the list around your organization and you may even hear a few gasps as users open the document to discover that their cunning password has been revealed to the masses.

The worst passwords of 2015 list contains some absolute howlers, but also some that users may think are actually quite. Sadly though, passw0rd is not that difficult for a hacker to guess. 1qaz2wsx is better, but not by much. That also makes it onto this year’s top 25 list.

Unsurprisingly, with a new Star Wars film having just been released, there are a few new entries along that theme. Solo makes it onto the list, as do Princess and StarWars, minus the capital letters of course. Leia is not on there, but that does not mean it is a good choice either.

People are very bad at choosing passwords

The list of the worst passwords of 2015 serves as a reminder that we are very bad at choosing passwords. We would all like a password that is easy to remember and can be used across all accounts, and hackers would like us to use one most of all.

Even a password that does not make the top 25 list of the worst passwords of 2015, and instead sits at place 499, would not keep an account secure for long once a hacker attempts to crack it. Password dictionaries are compiled, updated, and used by hackers to gain access to accounts, and it doesn’t take long to run through a list of the top 1000 password choices and try them all. If a word is in the Oxford or Merriam-Webster English dictionary, it will be on a hacker’s list as well.

The best approach to take when choosing a password is to make sure it can’t actually be remembered very easily. The longer and more complicated the password is, the harder it will be for a hacker to crack it. Special characters, numbers, capital letters, and lower-case letters must all be used. Since some end users will ignore this advice, it is essential to enforce the minimum number of characters and the use of capitals, numbers, and special characters.
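One way to enforce these rules together with the dictionary check described in the previous paragraph, as an added example that is not from the original article or from SplashData. The blocklist holds only passwords the article names; the minimum length of 8, the substitution table, and the function names are assumptions.

```python
import re

# Constructed sample blocklist: only entries the article itself names.
# A real deployment would load a far larger list (assumption).
BLOCKLIST = {"password", "123456", "1qaz2wsx", "solo", "princess", "starwars"}

# Common character substitutions undone before the blocklist lookup,
# so that "passw0rd" is treated the same as "password".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Columns and rows of a QWERTY keyboard, used to spot walks like 1qaz2wsx.
KEY_RUNS = ["1qaz", "2wsx", "3edc", "4rfv", "5tgb", "6yhn", "7ujm",
            "qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890"]

MIN_LENGTH = 8  # assumed for the example; the article gives no number


def keyboard_walk(pw):
    """True if the whole password is made of keyboard runs of 3+ keys."""
    rest = pw.lower()
    while rest:
        # Longest prefix (at least 3 characters) found inside any keyboard run.
        hit = next((k for k in range(len(rest), 2, -1)
                    if any(rest[:k] in run for run in KEY_RUNS)), 0)
        if not hit:
            return False
        rest = rest[hit:]
    return bool(pw)


def screen(pw):
    """Return the list of reasons a candidate password is rejected."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append("too short")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, pw) for c in classes):
        problems.append("missing character class")
    lowered = pw.lower()
    if lowered in BLOCKLIST or lowered.translate(LEET) in BLOCKLIST:
        problems.append("on common-password list")
    if keyboard_walk(pw):
        problems.append("keyboard walk")
    return problems
```

A candidate such as `P@$$w0rd` satisfies every length and character-class rule and is rejected only by the blocklist lookup, which is why the complexity rules need the dictionary check alongside them.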

According to SplashData, the company that compiled the list of the worst passwords of 2015, in order to keep accounts secure it is essential to create passwords that are hard to remember for all accounts, and to use a password manager so they do not need to be remembered. The company suggests using its own, of course.

However, the most popular password manager – LastPass – was recently shown not to be as secure as people may think. Hackers could all too easily spoof the viewport and obtain even the most difficult-to-guess password.

A complex, difficult-to-guess password for each site along with a password manager to help remember it is a good option, and it will help to keep accounts secure and will save sys admins from having to keep resetting user passwords.

However, the password itself is the problem really. That is what really needs to be changed. Any password-based security system is vulnerable and even two-factor authentication is not infallible.

The best choice for keeping accounts secure is to use biometric factors to verify identity, but sadly, at present the technology is too expensive for many companies to implement. The good news is the technology is becoming cheaper and before the decade is out an alternative to passwords could well be affordable enough for many businesses to implement. We will then finally be well on our way to consigning passwords to the history books.

SplashData’s list of the worst passwords of 2015

Listed below is SplashData’s list of the worst passwords of 2015, together with the list for 2014 for comparison. You can see that even with the increase in reported hacking incidents, many people are still choosing insecure passwords.

[Image: the worst passwords of 2015]