If you like dragons, Superman and sports — keep it to yourself when crafting a password.
About one-third of security breaches are due to weak passwords, according to a global security report published Tuesday by web security firm Trustwave.
At home, people tend to use passwords that are easy to remember, like a sports team or superhero. But at work, they often keep the ones they started with.
“Weak passwords can lead to bad things,” the report said.
Cybercrime costs businesses and consumers more than $445 billion each year, according to McAfee.
Payment card data was the most sought after prize for hackers, according to TrustWave. On business computers the most common passwords are:
- Password1
- Welcome1
- P@ssword
- Summer1!
- password
- Fas$hion1
- Hello123
- Welcome123
- 123456q@
- P@ssword1
A skilled hacker can eviscerate an eight-character password within a day, the report said. Adding two more characters can increase that to nearly 600 days, unless it’s an easily guessable pattern.
Personal passwords are even easier to crack, according to aJanuary analysis of more than 3 million leaked passwords by SplashData. People often use easy-to-guess number sequences, sports teams or just “password.”
Birthdays and popular names are a bad idea, too.
“Any password using numbers alone should be avoided, especially sequences,” said Morgan Slain, CEO of SplashData in a statement.
Many websites are requiring longer or more complex passwords. But people often just type in longer, guess-able sequences, Slain said.
The top 25 personal passwords are:
- 123456
- password
- 12345
- 12345678
- qwerty
- 1234567890
- 1234
- baseball
- dragon
- football
- 1234567
- monkey
- letmein
- abc123
- 111111
- mustang
- access
- shadow
- master
- michael
- superman
- 696969
- 123123
- batman
- trustno1
Gavin Stern is a national digital producer for the Scripps National Desk.
