The bad news: millions of internet users rely on the weakest possible passwords to protect their online lives. The good news: you don’t have to be one of them. Internet security company SplashData tallies the top 25 passwords compiled from millions of passwords stolen and posted online during the previous year. Two-time runner-up “123456” took the cake this year, replacing “password” on SplashData’s worst password list. This is the first time “password” has been knocked out of the top spot, according to a SplashData press release. The change could have been influenced by a number of passwords posted online after Adobe was hacked in October, affecting nearly 3 million users. “Seeing passwords like ‘adobe123’ and ‘photoshop’ on this list offers a good reminder not to base your password on the name of the website or application you are accessing,” CEO Morgan Slain said in the release. Several of the worst passwords on the list mixed letters and numbers, including “password1” and abc123,” but 10 of 25 are numerical passwords, “even though websites are starting to enforce stronger password policies," Slain said. Don’t wind up on the worst passwords list. Check out these tips for protecting your information online. Size matters: Choose a password with eight or more characters. Include numbers, lowercase and capital letter and other characters. Mix it up: Don’t use the same password over and over. Tying the same username and password to multiple sites can set you up for disaster if someone discovers the login information for one account. Assess the risk: For websites that don’t store financial information or other sensitive data, it’s OK to rotate through a few less-complex passwords. But for sites that require extra security, like a banking or bill pay site, choose a unique, complex password. Get creative: Think outside the box. Instead of choosing a single word, pick a phrase. Separate it (or don’t), with underscores or dashes. Add a number and a symbol, and you’ve got yourself a strong password. Don’t stump yourself: A random series of characters (think “a5kgi$f”) might be hard to guess, but there’s a good chance you won’t remember it. Take a phrase and transform it into a good password. “Girl next door” could become “grlNxtD00r.” Forget personal details: Don’t base a password around easily-guessed personal details like your name, age, birthday, anniversary, address or phone number. Switch often: Change your passwords often to prevent outsiders from accessing your accounts without your permission. Someone could be scanning your information without your knowledge, and changing the password locks out prying eyes. When you do make a chance, switch to a significantly different password. Secure your back-up options: If you do forget your password, ensure you’ve got strong backup. Many websites ask users to answer security questions, though someone who knows you or can access your social media profiles could easily guess the answers. If a site asks where you were born, get creative. Instead of Phoenix, for example, “use ph0enIX.” Store smart: If you’re having trouble remembering your passwords, download a secure password-storage app or upload your passwords to an encrypted disk or private USB storage device. If you write down your passwords, don’t include usernames or label them in case you lose the document. Here’s the full list of SplashData’s top 25 “Worst Passwords” for 2013. 1. 123456 2. password 3. 12345678 4. qwerty 5. abc123 6. 123456789 7. 111111 8. 1234567 9. iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345 21. password1 22. princess 23. azerty 24. trustno1 25. 000000
