Happy New Year! Welcome to 2011!
Yes, it’s a time warp in password land, according to the yearly list of the 25 worst passwords collected by password management app company SplashData.
It’s a fresh list, but this bakery’s full of stale bread.
Welcome back, 123456 and password! You’ve been glued to the top two spots since the company first put out a list in 2011!
But wait, we have two newcomers to welcome to the top 25 worst passwords: 696969 and batman.
This is the part of password head-banger stories where we’d usually bemoan how easy it is to guess passwords like that (it’s so easy that a password cracking program would probably guess them faster than you can type them).
This year, late-night US talk show host Jimmy Kimmel has added an extra dimension to this repetitive yearly ritual by showing that even guessing at people’s passwords might not be necessary.
Plenty of people seem to be pleased as punch to just tell you their passwords – at least, they are if you’ve got a TV crew filming them.
Because reporter with microphone.
What could possibly go wrong?
It’s not as if anyone watches “Jimmy Kimmel Live” outside of its 2.83 million viewership!
If you don’t want to watch the video, here’s a sample from the clip:
Reporter: We're talking about cybersecurity today and how safe people's passwords are. What is one of your online passwords currently?
Woman stopped on Hollywood Boulevard: It is my dog's name and the year I graduated from high school.
Reporter: Oh, what kind of dog do you have?
Woman: I have a chihuahua papillon.
Reporter: And what's its name?
Reporter: Jameson. And where'd you go to school?
Woman: I went to school back in Greensburg, Pennsylvania.
Reporter: What school?
Woman: Hempfield Senior Area High School.
Reporter: Oh. And when did you graduate?
Woman: In 2009.
Last year around this time, Naked Security’s John Hawes wrote up the SplashData list of 2013 password groaners, taking a nuanced look at whether it even matters how bad our passwords are.
After all, there are trivial sites that we don’t care about, given that they don’t deal in credit card numbers or other sensitive data, right?
But as Naked Security’s Paul Ducklin responded in the comments, nope, there’s no “relevant” switch on the internet, and you really should worry that cyber thugs could grab control of your accounts – any and all of them – to imitate you.
That includes not just people hijacking our Twitter accounts; it also means people taking over accounts on supposedly “innocuous” sites to post bogus announcements or libellous meeting minutes, solicit volunteers through a fraudulent website or anything else.
We need strong, unique passwords everywhere, not just at a handful of sites that we take seriously.
The easiest way to manage all the passwords you need is with a password manager that will cook up nicely convoluted passwords, and then keep track of them, for you.
Not everyone is prepared to trust a password manager with the keys to their kingdom, but they do accomplish one very useful thing: they avoid churning out passwords like these, the 25 worst ones from SplashData’s 2014 list (as compiled from more than 3.3 million passwords leaked during 2014, mostly from users in North America and Western Europe):
Of course even if you use a password manager you’ll need to create and remember at least one really strong password to protect it. To find out how, watch our short, straight-talking video:
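To make the point concrete, here is an added example (not from the original article or from SplashData) of a check run when a password is set. It shows that a dog's-name-plus-graduation-year password of the kind described in the clip satisfies a typical complexity rule yet is rejected once it is compared against facts tied to the user. The function names, the `personal_tokens` profile list and the string `Jameson2009` are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed denylist: only the entries this article names. A real
# deployment would load a full leaked-password corpus instead.
COMMON = {"123456", "password", "696969", "batman", "michael"}
YEAR = re.compile(r"(?:19|20)\d{2}")

def passes_complexity(pw):
    """Typical composition rule: 8+ chars with upper, lower and digit."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw))

def screen(pw, personal_tokens=()):
    """Return rejection reasons for pw; an empty list means accepted.

    personal_tokens is a hypothetical list of facts tied to the user
    (pet name, school, own name) taken from their account profile.
    """
    reasons = []
    low = pw.lower()
    if low in COMMON:
        reasons.append("common")
    # Remove every personal token and any year, then see what is left.
    residue, hits = low, 0
    for tok in sorted({t.lower() for t in personal_tokens}, key=len, reverse=True):
        if len(tok) >= 3 and tok in residue:
            residue = residue.replace(tok, "")
            hits += 1
    residue = YEAR.sub("", residue)
    # Fewer than 4 leftover characters: the password is just known facts.
    if hits and len(residue) < 4:
        reasons.append("personal")
    return reasons

def generate(length=20):
    """What a password manager does: draw each character from a CSPRNG."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    facts = ["Jameson", "Hempfield"]  # constructed from the clip's answers
    for pw in ("password", "Jameson2009", generate()):
        print(pw, passes_complexity(pw), screen(pw, facts))
```

Without the profile facts, `screen("Jameson2009")` returns an empty list, which is why a composition rule or a generic denylist alone does not catch this pattern.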
8 comments on “People happily give away their (bad) passwords to TV reporter”
Many years ago (20+) the IT guys where I worked would run a password cracking program and publish any that they cracked.
It did leave us wondering about one colleague, who turned out to have the password “deviant”.
So if you are going to have a crackable password, there can be a double embarrassment.
Sorry you can’t have apostrophes, spaces or ellipses.
The only thing I don’t like about these things is: If you walk up to me on the street and offer me a cupcake to give up my password, sure. My password is “oranges.” Give me my cupcake.
But is that my real password?
Granted, some of these look genuine (and they’re idiots) and it demonstrates how you can still weasel out a password in just a few questions and a microphone/camera.
A password manager and don’t use “Jameson2009” as its password. 🙁
If applications forced users to make passwords with the required complexity features, it would reduce these types of incidents.
Their user IDs could be really difficult to guess though! 🙂
I like how “michael” is one of the passwords. That must be one heck of a common name for guys. I always thought it was John Smith.