You have to call me dragon

By Chad Hemenway on January 22, 2015
Yes. That is my hand.

First things first. The headline is a reference from the movie “Step Brothers.” If you did not get that, shame on you. I mean, where have you been? It’s totally North Korea approved.

Secondly, and more to the point of this blog entry, I was delighted to get the opportunity to use the line upon having a significant shaking-my-head (that’s what “smh” means when the kids text that to you, by the way) moment while absorbing the Annual Worst Password List compiled by SplashData, a provider of password-management applications.

The Los Gatos, Calif.-based company’s list, based on an analysis of 3.3 million leaked passwords during 2014, includes “dragon.” You almost can’t blame the people who have chosen this as a password. What can be cooler than: “Password: Dragon”? Just brings a smile to your face.

But what the h-e-double-hockey-sticks is wrong with you people using “123456?”

Each year since SplashData released its first worst-password list in 2011, “123456” and “password” have occupied the top two spots. Password?!

Nine of the top 25 worst passwords of 2014 (see them below) consist of numbers only.

“Passwords based on simple patterns on your keyboard remain popular despite how weak they are,” said Morgan Slain, CEO of SplashData, in a statement. “Any password using numbers alone should be avoided, especially sequences. As more websites require stronger passwords or combinations of letters and numbers, longer keyboard patterns are becoming common passwords, and they are still not secure.”

While fun, this list is just as frightening. This, after all, is a website for all of those tied to cyber insurance in some way–including segments of this universe trying to get a handle on cyber risk to profitably underwrite it. And this list proves many of us are just plain stupid. Or uncreative. Or lazy. Or we can’t remember.

The point isn’t that we’re asked for too many passwords or that passwords as a security measure are stupid. The point is they are used now and we aren’t very good at using them the way they are intended. And due to this, we’re all exposed.

I can tell you I defy at least one, maybe more, of the tips SplashData provides with its list. I can’t help it. I’ve written about passwords in the past. SplashData claims to solve this problem. So yes, there’s a commercial reason they go through this trouble. But we thank them anyway.

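| Rank | Password | Change from 2013 |
|------|----------|------------------|
| 1 | 123456 | No Change |
| 2 | password | No Change |
| 3 | 12345 | Up 17 |
| 4 | 12345678 | Down 1 |
| 5 | qwerty | Down 1 |
| 6 | 123456789 | No Change |
| 7 | 1234 | Up 9 |
| 8 | baseball | New |
| 9 | dragon | New |
| 10 | football | New |
| 11 | 1234567 | Down 4 |
| 12 | monkey | Up 5 |
| 13 | letmein | Up 1 |
| 14 | abc123 | Down 9 |
| 15 | 111111 | Down 8 |
| 16 | mustang | New |
| 17 | access | New |
| 18 | shadow | Unchanged |
| 19 | master | New |
| 20 | michael | New |
| 21 | superman | New |
| 22 | 696969 | New |
| 23 | 123123 | Down 12 |
| 24 | batman | New |
| 25 | trustno1 | Down 1 |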

Chad Hemenway is Managing Editor of Advisen News. He has more than 15 years of journalism experience at a variety of online, daily, and weekly publications. He has covered P&C insurance news since 2007, and he has experience writing about all P&C lines as well as regulation and litigation. Chad won a Jesse H. Neal Award for Best Single Article in 2014 for his coverage of the insurance implications of traumatic brain injuries and Best News Coverage in 2013 for coverage of Superstorm Sandy. Contact Chad at 212.897.4824 or [email protected].