CNET también está disponible en español.

Ir a español

Don't show this again


The 25 worst passwords of 2011

Internet security firm SplashData has revealed the 25 worst passwords of 2011 — and boy are they doozies.

Internet security firm SplashData has revealed the 25 worst passwords of 2011 — and boy are they doozies.

(Keyhole Red image by alicia rae, CC BY-SA 2.0)

Creating a password that is secure but memorable is a tricky business; so much so that, no matter how often we hear it, many simply dispense with the bothersome "secure" bit.

Don't do this, kids. We counsel security for a reason: because a weak-sauce password is the fastest way to get yourself good and haxx0red.

SplashData compiled the list from files containing millions of nicked passwords posted online by these haxx0rs. All we can do is shake our heads. Tsk, tsk. We are chagrined that "password" still tops the list.

  1. password
  2. 123456
  3. 12345678
  4. qwerty
  5. abc123
  6. monkey
  7. 1234567
  8. letmein
  9. trustno1
  10. dragon
  11. baseball
  12. 111111
  13. iloveyou
  14. master
  15. sunshine
  16. ashley
  17. bailey
  18. passw0rd
  19. shadow
  20. 123123
  21. 654321
  22. superman
  23. qazwsx
  24. michael
  25. football

As we all well should know by now, a combination of upper and lower case letters, symbols and numbers — as well as a different password for every account you own — is the best method of creating a secure password, but if you have committed one of these password faux pas or are unsure how to go about creating a secure one, never fear! CNET is here!

Password generator

There are a number of password generating tools that will create strong passwords for you. We like the PCTools one — it allows you to set a variety of parameters in order to comply with any website's password policy.

(Credit: PCTools)

The Wolfram Alpha search engine provides a similar service; simply enter "strong password" into the search box to navigate to its generator. Both these tools generate genuinely random passwords, which are a lot harder to crack than your birth date or your dog's name.

(Credit: Wolfram Alpha)

Password manager

The problem is that such passwords are really difficult to remember. One solution is a password manager, such as KeePass. KeePass stores all your passwords in an encrypted database, which can only be unlocked by your master password. As well as compatibility with PC, Mac and Linux, there are BlackBerry, iPhone, PalmOS, Windows Phone 7 and Android apps available for it, too — this cross-platform portability makes it super-convenient.

(Credit: KeePass)

If you're the kind of person who trusts a product more if you pay for it, 1Password is a one-off payment password vault that works across PC, Mac, iOS and Android.

(Credit: AgileBits)

Password strength tester

If, at the end of the day, you still prefer to create your own passwords, at the very least you can test their strength.

Microsoft has an HTTPS password tester online that allows you to enter your password. The green bar will fill up according to your password's strength — red for "terrible" and green for "you may proceed".

(Credit: Microsoft)

Not everyone trusts Microsoft, though. An alternative is LBW-Soft's Password Review. Not only does this online service check your password, it also breaks down where it fails in detail, so that you can address those areas if you so choose.

See that? It takes precisely zero seconds to Brute-Force the password "password". (Credit: LBW-Soft)

Or, finally, there are always the wise words of Randall Monroe...

(Credit: XKCD)