The 25 worst passwords of 2011

Creating a password that is secure but memorable is a tricky business; so much so that no matter how often we hear it, many simply dispense with the bothersome secure bit.

Don't do this, kids. We counsel security for a reason: because a weaksauce password is the fastest way to get yourself good and haxx0red.

SplashData compiled the list from files containing millions of nicked passwords posted online by these haxx0rs. All we can do is shake our heads. Tsk, tsk. We are chagrined that "password" still tops the list.

1. password
2. 123456
3. 12345678
4. qwerty
5. abc123
6. monkey
7. 1234567
8. letmein
9. trustno1
10. dragon
11. baseball
12. 111111
13. iloveyou
14. master
15. sunshine
16. ashley
17. bailey
18. passw0rd
19. shadow
20. 123123
21. 654321
22. superman
23. qazwsx
24. michael
25. football

As we all should well know by now, a combination of upper- and lower-case letters, symbols and numbers — as well as a different password for every account you own — is the best method of creating a secure password, but if you have committed one of these password faux pas or are unsure how to go about creating a secure one, never fear! CNET is here!


Password Generator

There are a number of password-generating tools that will create strong passwords for you. We like the PCTools one — it allows you to set a variety of parameters in order to comply with any website's password policy.

Credit: PCTools

The Wolfram Alpha search engine provides a similar service; simply enter "strong password" into the search box to navigate to its generator. Both of these tools generate genuinely random passwords, which are a lot harder to crack than your birth date or your dog's name.

Credit: Wolfram Alpha
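
What a policy-aware generator of this kind does, as an added example (not code from PCTools, Wolfram Alpha or CNET): it draws every character from the operating system's cryptographic random source, guarantees one character from each class the site's policy requires, and refuses anything on the list above. The `Policy` fields, the symbol set and the function names are assumptions made for illustration.

```python
import secrets
import string
from dataclasses import dataclass

# The 25 passwords from the list above, used here as a blocklist.
WORST_2011 = frozenset("""password 123456 12345678 qwerty abc123 monkey 1234567
letmein trustno1 dragon baseball 111111 iloveyou master sunshine ashley bailey
passw0rd shadow 123123 654321 superman qazwsx michael football""".split())

@dataclass(frozen=True)
class Policy:  # hypothetical policy shape, not any site's or tool's real schema
    length: int = 16
    lower: bool = True
    upper: bool = True
    digits: bool = True
    symbols: str = "!@#$%^&*-_=+"  # symbols the site accepts; "" disables them

    def classes(self):
        pools = [(self.lower, string.ascii_lowercase),
                 (self.upper, string.ascii_uppercase),
                 (self.digits, string.digits),
                 (bool(self.symbols), self.symbols)]
        return [pool for enabled, pool in pools if enabled]

def is_blocklisted(candidate: str) -> bool:
    """True if the candidate is one of the 25 listed passwords, ignoring case."""
    return candidate.lower() in WORST_2011

def generate(policy: Policy = Policy()) -> str:
    classes = policy.classes()
    if not classes:
        raise ValueError("policy enables no character classes")
    if policy.length < len(classes):
        raise ValueError("length too short to include every required class")
    rng = secrets.SystemRandom()  # OS CSPRNG, not the seedable `random` module
    alphabet = "".join(classes)
    while True:
        # One character from each required class, the rest from the full alphabet.
        chars = [secrets.choice(pool) for pool in classes]
        chars += [secrets.choice(alphabet)
                  for _ in range(policy.length - len(classes))]
        rng.shuffle(chars)  # so the required characters are not always first
        candidate = "".join(chars)
        # A hit is only possible with short, narrow policies (e.g. 6 digits).
        if not is_blocklisted(candidate):
            return candidate
```

Calling `generate(Policy(length=20, symbols=""))` fits a site that rejects symbols; `is_blocklisted` can also be used on its own to screen a password you made up yourself.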

Password Manager

The problem is that such passwords are really difficult to remember. One solution is a password manager, such as KeePass. KeePass stores all your passwords in an encrypted database, which can only be unlocked by your master password. As well as compatibility with PC, Mac and Linux, there are BlackBerry, iPhone, PalmOS, Windows Phone 7 and Android apps available for it, too — this cross-platform portability makes it super-convenient.

Credit: KeePass

If you're the kind of person who trusts a product more if you pay for it, 1Password is a highly regarded, one-off payment password vault that works across PC, Mac, iOS and Android.

Credit: AgileBits

Password-strength tester

If, at the end of the day, you still prefer to create your own passwords, at the very least you can test their strength.

Microsoft has an HTTPS password tester online that allows you to enter your password. The green bar will fill up according to your password's strength — red for "terrible" and green for "you may proceed".

Credit: Microsoft

Not everyone trusts Microsoft, though. An alternative is LBW-Soft's Password Review. Not only does this online service check your password, it also breaks down where it fails in detail, so that you can address those areas if you so choose.

See that? It takes precisely zero seconds to brute-force the password "password". (Credit: LBW-Soft)

Or, finally, there are always the wise words of Randall Munroe ...

Credit: XKCD

Keyhole Red photo by alicia rae, CC BY-SA 2.0
