'123456' replaces 'password' as worst password

Despite numerous online security breaches and websites enforcing stricter rules for password creation, "123456" has topped the list of worst passwords compiled by SplashData.

The good news is that "password" is no longer the worst password, slipping to No. 2, but it seems people have chosen something equally obvious and silly. SplashData's list was influenced by last year's security breach at Adobe, which saw the release of encrypted data for 38 million active users.

"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," says Morgan Slain, CEO of SplashData.

Despite many online sites requiring users to adhere to guidelines on setting passwords -- like using a combination of uppercase letters, special symbols and numbers -- people continue to put themselves at risk by choosing weak passwords, such as "abc123," "iloveyou," and "123123."

Some people seemed to think they could outsmart hackers by adding more digits to already weak passwords. At No. 3 is "12345678," No. 4 is "123456789" and "1234567890" is at No.13, the last two being new additions to the list.

Apart from weak passwords, another mistake many make is using the same password for multiple online accounts. According to a recent review by Trustwave of 2 million passwords they discovered online in the Netherlands, 30 percent of users who had accounts across multiple social media sites had reused the same password.

"With a small amount of effort and some clever Google queries, an attacker could find additional online services where the compromised user had used a similar password and could then gain access to those accounts as well," said John Miller, security research manager at Trustwave.

[SplashData] [PCMag]