SplashData has announced its annual list of the 25 most common passwords found on the Internet – thus making them the “Worst Passwords” that will expose anybody to being hacked or having their identities stolen.

In its fourth annual report, compiled from more than 3.3 million leaked passwords during the year, “123456” and “password” continue to hold the top two spots that they have held each year since the first list in 2011. Other passwords in the top 10 include “qwerty,” “dragon,” and “football.”

Presenting SplashData’s “Worst Passwords of 2014”:

1. 123456 (Unchanged from 2013)
2. password (Unchanged)
3. 12345 (Up 17)
4. 12345678 (Down 1)
5. qwerty (Down 1)
6. 1234567890 (Unchanged)
7. 1234 (Up 9)
8. baseball (New)
9. dragon (New)
10. football (New)
11. 1234567 (Down 4)
12. monkey (Up 5)
13. letmein (Up 1)
14. abc123 (Down 9)
15. 111111 (Down 8)
16. mustang (New)
17. access (New)
18. shadow (Unchanged)
19. master (New)
20. michael (New)
21. superman (New)
22. 696969 (New)
23. 123123 (Down 12)
24. batman (New)
25. trustno1 (Down 1)

Also in the top 100 are swear words and phrases, hobbies, famous athletes, car brands, and film names.

We would give you advice on creating a better password but let’s be honest; if you’re reading this you probably know better and if you are using 123456 odds are you don’t read tech news. Ever.

20.01.2015
http://www.majorgeeks.com/news/story/the_1_password_for_2014_123456.html
I think this was the last "prize-winning" year for "123456". On the eve of 2015 I noticed a progressive trend of moving to stronger passwords. A striking example of this: a large number of foreign services/portals have already switched to a new policy:

Code: (lower + UPPER + Dig) 8+ symbols

Yes, this may not improve the situation significantly, but on the other hand I would also disagree. These are fairly radical reforms inside companies, and they also involve the users in it (password change/recovery/reset). Companies lose a noticeable share of their customers. However, I once wrote a short article in which I listed more than 11 methods of strengthening protection against brute force without involving users in any way in the process of improving the security systems.

And I would guess that, from the cryptographic side, the attack range narrows noticeably in this case. Logically, if a user had a regular password of < 8 symbols, most will choose a password length of exactly 8 characters. And the more advanced users already had quite strong and unique passwords before this.
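
The policy quoted in the reply, (lower + UPPER + Dig) 8+ symbols, written out as a check (an added example, not part of either post): it tests the 25 listed passwords against the rule and counts, by inclusion-exclusion, how much of the 8-character alphanumeric space the rule leaves. The blocklist comparison in `on_blocklist`, the sample candidates and all function names are assumptions of this example.

```python
import re

# The 25 entries of the SplashData 2014 list quoted in the first post.
WORST_2014 = {
    "123456", "password", "12345", "12345678", "qwerty", "1234567890", "1234",
    "baseball", "dragon", "football", "1234567", "monkey", "letmein", "abc123",
    "111111", "mustang", "access", "shadow", "master", "michael", "superman",
    "696969", "123123", "batman", "trustno1",
}

def meets_policy(pw):
    """Policy quoted in the reply: lower + UPPER + digit, 8+ symbols."""
    return len(pw) >= 8 and all(
        re.search(cls, pw) for cls in (r"[a-z]", r"[A-Z]", r"[0-9]"))

def on_blocklist(pw):
    """Assumed extra check (not in the posts): case-fold, then also try the
    candidate with trailing digits removed, against the listed passwords."""
    folded = pw.casefold()
    return folded in WORST_2014 or folded.rstrip("0123456789") in WORST_2014

def review(pw):
    """Return the reasons to reject pw; an empty list means accepted."""
    reasons = []
    if not meets_policy(pw):
        reasons.append("policy")
    if on_blocklist(pw):
        reasons.append("blocklist")
    return reasons

def count_compliant(n):
    """Strings of length n over [a-zA-Z0-9] with at least one character of
    each class, by inclusion-exclusion over the missing classes."""
    missing_one = 2 * 36**n + 52**n   # no lower, no upper, no digit
    missing_two = 10**n + 2 * 26**n   # digits only, lower only, upper only
    return 62**n - missing_one + missing_two

if __name__ == "__main__":
    # Constructed sample candidates, not taken from any leak.
    for pw in ("trustno1", "Trustno1", "Football1", "kV7pRw2x"):
        print(f"{pw!r}: {review(pw) or 'accepted'}")
    share = count_compliant(8) / 62**8
    print(f"length-8 alphanumeric strings allowed by the policy: {share:.1%}")
```

Every entry on the list fails the composition rule on its own, while a listed word with a capital letter and a digit added passes it and is caught only by the assumed blocklist step.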