Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

The Worst Passwords of 2018: We Never Learn

December 18, 2018

SplashData has released the worst passwords of 2018 – and they have a familiar ring. Here is the list of the top 10.

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou

Godawful, aren't they? But as Naked Security pointed out, maybe we shouldn't be blaming the users. Instead we should be fixing the password composition policies.

Websites and services need to stop allowing passwords that are, say, on the list of 10,000 worst passwords. If your website/service used zxcvbn, a password strength meter made by Dropbox (also used by WordPress and available to all of us for free), users would be warned if they'd chosen one of those terrible passwords.
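To make the idea concrete, here is an added example (not from the original post, and not zxcvbn's own algorithm) of a signup-time check that rejects a password on a worst-passwords list, including thin disguises such as capital letters, trailing digits or symbol swaps. The function names are hypothetical, and the ten entries above stand in for a full 10,000-entry list.

```javascript
// Added example: signup-time blocklist check (hypothetical helper, not zxcvbn code).
// BLOCKLIST is the top 10 from this post, standing in for a 10,000-entry list.
const BLOCKLIST = new Set([
  "123456", "password", "123456789", "12345678", "12345",
  "111111", "1234567", "sunshine", "qwerty", "iloveyou",
]);

// Character swaps people use to "strengthen" a weak password.
const LEET = { "0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
               "7": "t", "@": "a", "$": "s", "!": "i" };

// Build the forms of a candidate that should be compared with the list.
function variants(password) {
  const base = password.normalize("NFKC").toLowerCase().trim();
  const noSymbols = base.replace(/[^a-z0-9]+$/, ""); // "12345!" -> "12345"
  const noTail = base.replace(/[^a-z]+$/, "");       // "sunshine2018!" -> "sunshine"
  const unleet = (s) => s.replace(/[013457@$!]/g, (c) => LEET[c]);
  return new Set([base, noSymbols, noTail, unleet(base), unleet(noTail)]);
}

// Returns { ok, warning } so the signup form can show the user why it refused.
function checkPassword(password) {
  for (const v of variants(password)) {
    if (v.length > 0 && BLOCKLIST.has(v)) {
      return { ok: false, warning: `Too close to the common password "${v}"` };
    }
  }
  return { ok: true, warning: null };
}

// Constructed sample inputs.
for (const pw of ["123456", "Sunshine2018!", "P@$$w0rd1", "correct horse battery staple"]) {
  console.log(pw, "=>", checkPassword(pw));
}
```

A check like this belongs on the server as well as in the browser, since a client-side warning alone can be bypassed.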

Of course, if your website/service makes two-factor authentication mandatory, even the idiot users with bad passwords would be better protected. It is past time that websites and services tried to protect users from themselves!

Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson