I've been using SplashID, one of the password solutions from SplashData, for a very long time. As a customer, it was easy to find the company's list of bad passwords. I consider the list a tremendous public service because it is not created from casual observation but instead derived from a huge, five million item list of leaked passwords.
This year's list can be found at www.teamsid.com/worst-passwords-2017-full-list (TeamsID is one of SplashData's products and this year's marketing beneficiary of the list). This year the list got longer, 100 terrible passwords instead of 25 in previous years.
I have spent quite a bit of time over the past few years advising my clients about the simple measures they can take to improve their personal security and I have always made SplashData's list a cornerstone of my pitch. It nevertheless appalls me to find some of the same horrible passwords at the very top of this year's list. I mean, 123456? Really?
Unfortunately, really. This past year I discovered that one of my clients was using one of this year's top 100 and, worse, extensively violating both golden rules of passwords - choose good passwords and use a different password for every account, no matter how innocuous the account may seem.
SplashData's list also shines a beacon on what is clearly a serious problem with systems that allow such ridiculous passwords. My Web site content manager, SiteCommander, will not allow a user to choose any of this year's top 100. A year ago that was not the case and my clients grumbled a bit about coming up with the stronger passwords needed to comply with the new, tougher rules. Shouldn't Amazon and your bank insist on heavy-duty credentials?
The big problem with good passwords, of course, is remembering them. That's why SplashData and others are in business - to provide you with the mechanism to remember all those tough passwords. You may not like the password 2b[#1^Q5*v71 because you can't possibly remember it, but SplashID can recall it for you.
Take a look at this year's list. If you are using any of the top 100 or any variant of them, change those passwords today.