Still Using One of These Popular Passwords? Here’s What To Do.

Remember the massive Yahoo data breach from earlier this year? Researchers from Lancaster University and China’s Peking University and Fujian Normal University created an algorithm to guess the passwords from the leaked list–and had a 73 percent success rate. After analyzing the leaked data, they revealed the top 10 most popular passwords used to protect Yahoo accounts.

Introducing the top 10 passwords you should never, ever use:

  1. 123456
  2. password
  3. welcome
  4. ninja
  5. abc123
  6. 123456789
  7. 12345678
  8. sunshine
  9. princess
  10. qwerty

The data resembles a similar finding from SplashData’s 2015 report of stolen passwords, which found that “123456” is still the most commonly used password, followed by “password,” and “12345678.”

If you, a family member, co-worker, or anyone you know still uses one of the passwords on this list, here’s what to do:

CHANGE THEM IMMEDIATELY!

That goes without saying, but if your passwords haven’t been changed in the last 3 months, take an hour or so out of your day to create long and strong passwords for each and every one of your accounts. Here are some additional tips to help you create (and remember) your new, strong password:

  1. Stop using passwords containing dictionary words, slang, curse words, email addresses, names, places, etc. This can leave you susceptible to dictionary attacks, brute force attacks, and other sophisticated cyber threats.
  2. Get creative and start using different letters, numbers, and special symbols that you’ve never used before. Instead of changing an “s” to “$”, try to use a set of symbols that aren’t commonly used: ~ ` % & * # = +
  3. Use this password mnemonics trick to help you create a strong password you’ll remember. See this blog post for more details on this helpful life hack.
  4. Starting using a password manager! Dashlane’s password manager is the all-in-one tool to help you generate and save strong complex passwords for all of your online accounts. Try using the Password Generator tool to generate unique passwords and have them automatically saved in Dashlane for you. Worried that you may still be using a weak password for one or more of your accounts? Use Dashlane’s Security Dashboard to help you monitor the strength of all of your passwords. It’ll indicate passwords that are weak, reused, old, or compromised, making it faster and  easier to sort through the passwords you need to change.
  5. Read our blog post on how to make strong passwords even stronger!

 

Looking for more ways to improve your passwords? You’ll enjoy these articles on our blog!
5 Quick Tricks to Improve Your Online Security in 5 Minutes (Really!)
How to Make “Strong” Passwords Even Stronger
A 5-Step Guide to Checking “Secure My Passwords” Off Your Resolution List
Still using one of these popular passwords? Here’s what to do.
  • Many websites do not allow the use of special characters.

    • Hi Noriega!

      Unfortunately, you’re absolutely right. We’ve found several websites have subpar password policies in our Security Roundups. Check out this roundup from last year on E-commerce websites: https://www.dashlane.com/internet-security-roundup/ecommerce-2015

      If you do run into a website that doesn’t accept special characters, I recommend creating a longer password (around 12-15 characters) with a good mix of upper and lowercase letters and numbers. I also recommend enabling 2FA whenever possible to add an extra layer of security over your accounts.

      Thanks for chiming in!

      -Malaika